arcalot / arcaflow-lib-kubernetes-python Goto Github PK
View Code? Open in Web Editor NEWPython library to establish and work with Kubernetes connections
License: Apache License 2.0
Python library to establish and work with Kubernetes connections
License: Apache License 2.0
When running krkn on an aro cluster we found that the api client can not properly authenticate/configure the kubeconfig with the kube:admin user. (See last section for error output) Think this is because the kubeconfig does not have any certs to properly set in the api rest client
We also found this on ibmcloud
Sample kubeconfig file
apiVersion: v1
clusters:
- cluster:
server: https://api.***.eastus.aroapp.io:6443
name: api-*****-eastus-aroapp-io:6443
contexts:
- context:
cluster: api-****-eastus-aroapp-io:6443
namespace: default
user: kube:admin/api-****-eastus-aroapp-io:6443
name: default/api-****-eastus-aroapp-io:6443/kube:admin
current-context: default/api-***-eastus-aroapp-io:6443/kube:admin
kind: Config
preferences: {}
users:
- name: kube:admin/api-***-eastus-aroapp-io:6443
user:
token: REDACTED
We could try to pass the token as part of the apiclient initiation
https://github.com/arcalot/arcaflow-lib-kubernetes-python/blob/b58d8b84c490e5c17567f0a940e0567e13bd3d09/src/arcaflow_lib_kubernetes/convert.py#L392C35-L392C35
Local krkn run output
% python run_kraken.py
_ _
| | ___ __ __ _| | _____ _ __
| |/ / '__/ _` | |/ / _ \ '_ \
| <| | | (_| | < __/ | | |
|_|\_\_| \__,_|_|\_\___|_| |_|
2023-06-28 12:09:40,717 [INFO] Starting kraken
2023-06-28 12:09:40,730 [INFO] Initializing client to talk to the Kubernetes cluster
kubeconfig_string None
kubeconfig_path /Users/prubenda/.kube/aro_kubeconfig
config sha256~xb9gHu95LL4jRRfE_KoY9X41FmiV23TaL8SiwQGtwnk
Traceback (most recent call last):
File "/Users/prubenda/PycharmProjects/kraken/run_kraken.py", line 435, in <module>
main(options.cfg)
File "/Users/prubenda/PycharmProjects/kraken/run_kraken.py", line 109, in main
kubecli.find_kraken_node()
File "/Users/prubenda/PycharmProjects/kraken/venv3/lib/python3.10/site-packages/krkn_lib_kubernetes/client.py", line 1089, in find_kraken_node
pods = self.get_all_pods()
File "/Users/prubenda/PycharmProjects/kraken/venv3/lib/python3.10/site-packages/krkn_lib_kubernetes/client.py", line 416, in get_all_pods
ret = self.cli.list_pod_for_all_namespaces(pretty=True)
File "/Users/prubenda/PycharmProjects/kraken/venv3/lib/python3.10/site-packages/kubernetes/client/api/core_v1_api.py", line 17309, in list_pod_for_all_namespaces
return self.list_pod_for_all_namespaces_with_http_info(**kwargs) # noqa: E501
File "/Users/prubenda/PycharmProjects/kraken/venv3/lib/python3.10/site-packages/kubernetes/client/api/core_v1_api.py", line 17416, in list_pod_for_all_namespaces_with_http_info
return self.api_client.call_api(
File "/Users/prubenda/PycharmProjects/kraken/venv3/lib/python3.10/site-packages/kubernetes/client/api_client.py", line 348, in call_api
return self.__call_api(resource_path, method,
File "/Users/prubenda/PycharmProjects/kraken/venv3/lib/python3.10/site-packages/kubernetes/client/api_client.py", line 180, in __call_api
response_data = self.request(
File "/Users/prubenda/PycharmProjects/kraken/venv3/lib/python3.10/site-packages/kubernetes/client/api_client.py", line 373, in request
return self.rest_client.GET(url,
File "/Users/prubenda/PycharmProjects/kraken/venv3/lib/python3.10/site-packages/kubernetes/client/rest.py", line 241, in GET
return self.request("GET", url,
File "/Users/prubenda/PycharmProjects/kraken/venv3/lib/python3.10/site-packages/kubernetes/client/rest.py", line 235, in request
raise ApiException(http_resp=r)
kubernetes.client.exceptions.ApiException: (403)
Reason: Forbidden
HTTP response headers: HTTPHeaderDict({'Audit-Id': '59d4bd00-aad6-42a8-a45a-1d3b72da7ca0', 'Cache-Control': 'no-cache, private', 'Content-Type': 'application/json', 'X-Content-Type-Options': 'nosniff', 'X-Kubernetes-Pf-Flowschema-Uid': 'e8e85a06-85e7-468e-ab9d-d4a3a3bdbd3d', 'X-Kubernetes-Pf-Prioritylevel-Uid': '2129a0ac-eab4-4e3e-ada6-5c0595ac22fb', 'Date': 'Wed, 28 Jun 2023 16:09:40 GMT', 'Content-Length': '294'})
HTTP response body: {
"kind": "Status",
"apiVersion": "v1",
"metadata": {},
"status": "Failure",
"message": "pods is forbidden: User \"system:anonymous\" cannot list resource \"pods\" in API group \"\" at the cluster scope",
"reason": "Forbidden",
"details": {
"kind": "pods"
},
"code": 403
}
Take a Go-style Kubernetes connection structure and create a Kubernetes client connection.
Standardized Kubernetes connection structure.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.