kubernetes-client / go Goto Github PK

Trying this example

go.mod file:

module example

go 1.19

require (
	cloud.google.com/go/compute/metadata v0.2.0 // indirect
	github.com/Azure/go-autorest v14.2.0+incompatible // indirect
	github.com/Azure/go-autorest/autorest/adal v0.9.21 // indirect
	github.com/Azure/go-autorest/autorest/date v0.3.0 // indirect
	github.com/Azure/go-autorest/logger v0.2.1 // indirect
	github.com/Azure/go-autorest/tracing v0.6.0 // indirect
	github.com/ghodss/yaml v1.0.0 // indirect
	github.com/golang-jwt/jwt/v4 v4.0.0 // indirect
	github.com/golang/glog v1.0.0 // indirect
	github.com/golang/protobuf v1.5.2 // indirect
	github.com/kubernetes-client/go v0.0.0-20211217162629-92040c8d5731 // indirect
	golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa // indirect
	golang.org/x/net v0.4.0 // indirect
	golang.org/x/oauth2 v0.3.0 // indirect
	google.golang.org/appengine v1.6.7 // indirect
	google.golang.org/protobuf v1.28.0 // indirect
	gopkg.in/yaml.v2 v2.4.0 // indirect
)

% go run main.go
# github.com/kubernetes-client/go/kubernetes/config
../../go/pkg/mod/github.com/kubernetes-client/[email protected]/kubernetes/config/azure.go:63:17: cannot use l.user.AuthProvider.Config["expires-in"] (map index expression of type string) as type json.Number in struct literal
../../go/pkg/mod/github.com/kubernetes-client/[email protected]/kubernetes/config/azure.go:64:17: cannot use l.user.AuthProvider.Config["expires-on"] (map index expression of type string) as type json.Number in struct literal

I tried go get -d -v -x k8s.io/client referred from

But https://k8s.io/client?go-get=1 returns https://github.com/kubernetes/client, but there is no repository under the kubernetes org.
I think https://k8s.io/client?go-get=1 meta tag should return https://github.com/kubernetes-client/go/client instead of.

https://github.com/kubernetes-client/go-base repository have ditto problem.
When will it support (actually fix) it?

curl 'https://k8s.io/client?go-get=1'

            <html><head>
                  <meta name="go-import"
                        content="k8s.io/client
                                 git https://github.com/kubernetes/client">
                  <meta name="go-source"
                        content="k8s.io/client
                                 https://github.com/kubernetes/client
                                 https://github.com/kubernetes/client/tree/master{/dir}
                                 https://github.com/kubernetes/client/blob/master{/dir}/{file}#L{line}">
            </head></html>

curl -v 'https://k8s.io/client?go-get=1'

*   Trying 23.236.58.218...
* TCP_NODELAY set
* Connected to k8s.io (23.236.58.218) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
*   CAfile: /usr/local/etc/openssl/cert.pem
  CApath: /usr/local/etc/openssl/certs
* TLSv1.2 (OUT), TLS header, Certificate Status (22):
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* ALPN, server accepted to use http/1.1
* Server certificate:
*  subject: CN=k8s.io
*  start date: May 16 18:22:49 2018 GMT
*  expire date: Aug 14 18:22:49 2018 GMT
*  subjectAltName: host "k8s.io" matched cert's "k8s.io"
*  issuer: C=US; O=Let's Encrypt; CN=Let's Encrypt Authority X3
*  SSL certificate verify ok.
> GET /client?go-get=1 HTTP/1.1
> Host: k8s.io
> User-Agent: curl/7.60.0
> Accept: */*
>
< HTTP/1.1 200 OK
< Server: nginx/1.10.3
< Date: Mon, 11 Jun 2018 08:52:57 GMT
< Content-Type: text/plain
< Content-Length: 576
< Connection: keep-alive
<

            <html><head>
                  <meta name="go-import"
                        content="k8s.io/client
                                 git https://github.com/kubernetes/client">
                  <meta name="go-source"
                        content="k8s.io/client
                                 https://github.com/kubernetes/client
                                 https://github.com/kubernetes/client/tree/master{/dir}
                                 https://github.com/kubernetes/client/blob/master{/dir}/{file}#L{line}">
            </head></html>
* Connection #0 to host k8s.io left intact

ref: kubernetes/community#1721

This repo is listed in sigs.yaml as belonging to sig-api-machinery, but it lacks an OWNERS file. Can you please add one with the appropriate list of approvers and reviewers? eg:

• robust example: approvers, reviewers, aliases
• simple example: only approvers, no aliases

For more information see the OWNERS docs

/sig api-machinery

/assign @lavalamp @deads2k
sig-api-machinery chairs

/assign @yliaog @roycaihw
as folks who've been merging PR's recently

Originally posted by @MrfizieeD in fzipp/gocyclo#43

I want to try "configuration := client.NewConfiguration()"
In fact, it failed.
I want to use my configuration ,However I do not konw how to join my ca.crt.
So that when I want to control Customize Resources that it warinning "x509: certificate signed by unknown authority"

/assign @mbohlool

Dear prow, are you alive/

It seems that almost every link in the documentation is broken and results in a 404.

Example: https://github.com/kubernetes-client/go/blob/master/kubernetes/docs/V1Volume.md

The V1CephFsVolumeSource link brings you to https://github.com/kubernetes-client/go/blob/master/kubernetes/docs/v1.CephFSVolumeSource.md

This is a page that does not exist. The correct link is
https://github.com/kubernetes-client/go/blob/master/kubernetes/docs/V1CephFsVolumeSource.md

The solution looks to be as simple as replacing "v1." in all links with "V1". I could open a PR to remedy this, just want to make sure sure this is not intended behaviour and doesn't break anything downstream

Apologies if this issue is not formatted correctly, please direct me to any guidelines if so.

As per the email sent to kubernetes-dev[1], please create a SECURITY_CONTACTS
file.

The template for the file can be found in the kubernetes-template repository[2].
A description for the file is in the steering-committee docs[3], you might need
to search that page for "Security Contacts".

Please feel free to ping me on the PR when you make it, otherwise I will see when
you close this issue. :)

Thanks so much, let me know if you have any questions.

(This issue was generated from a tool, apologies for any weirdness.)

[1] https://groups.google.com/forum/#!topic/kubernetes-dev/codeiIoQ6QE
[2] https://github.com/kubernetes/kubernetes-template-project/blob/master/SECURITY_CONTACTS
[3] https://github.com/kubernetes/community/blob/master/committee-steering/governance/sig-governance-template-short.md

Hi,
I need to List/watch on CRD object using kubeclient.
From my application, I need to create custom controller object.
But I don't use the custom controller client. Instead I am using kubeclient to create the custom controller object. Also, I need to watch on custom controller object using kubeclient.

I am trying to create the sharedInformer using kubeclient with the help of InformerFor method as below

	kubeInformerFactory := kubeinformers.NewSharedInformerFactory(kubeclientset, time.Second*30)
	AnalysisInformer := kubeInformerFactory.InformerFor(&data.Analysis{},newKubeInformer)


func newKubeInformer(kubeClient kubernetes.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer {
	rcListWatch := cache.NewListWatchFromClient(kubeClient.Discovery().RESTClient(), "analysis.com", metav1.NamespaceAll, fields.Everything())
	return cache.NewSharedIndexInformer(rcListWatch, &data.Analysis{}, resyncPeriod, nil)
}

I am getting the below error from the List/Watch

E0814 07:08:00.344242 1 reflector.go:125] db-operator/pkg/controller/controller.go:48: Failed to list *v1alpha1.Analysis: the server could not find the requested resource (get analysis.com.meta.k8s.io)

How to resolve this issue ?

Problem

Even if correct ServiceAccount access was established(ServiceAccount + ClusterRoleBinding + ClusterRole or ServiceAccount + RoleBinding + Role) and the pod was referring to the serviceAccountName, the pod still cannot call k8s api inside the cluster(403 Forbidden from k8s api server). e.g.

{"level":"error","msg":"Status: 403 Forbidden, Body: {\"kind\":\"Status\",\"apiVersion\":\"v1\",\"metadata\":{},\"status\":\"Failure\",\"message\":\"notebooks.kubeflow.org is forbidden: User \\\"system:anonymous\\\" cannot list resource \\\"notebooks\\\" in API group \\\"kubeflow.org\\\" in the namespace \\\"default\\\"\",\"reason\":\"Forbidden\",\"details\":{\"group\":\"kubeflow.org\",\"kind\":\"notebooks\"},\"code\":403}\n","time":"2019-06-06T02:57:08Z"}

Code to call the k8s api:

		cfg, err := config.InClusterConfig()
		if err != nil {
			panic(err.Error())
		}
                k8sClient = client.NewAPIClient(cfg)
                // the code to list a CustomResource Object
                ......

Temporary Fix

Simple, I just replaced the original header with another header name(Authentication->Authorization), and the api call succeeded:

                MistakenTokenHeader := "Authentication"
                CorrectTokenHeader := "Authorization"
                TokenValuePrefix = "Bearer "
                SATokenPath := "/var/run/secrets/kubernetes.io/serviceaccount/token"
		cfg, err := config.InClusterConfig()
		if err != nil {
			panic(err.Error())
		}
		tokenValue := cfg.DefaultHeader[MistakenTokenHeader]
		// this should never happen, just in case
		if len(tokenValue) == 0 {
			tv, err := ioutil.ReadFile(SATokenPath)
			if err != nil {
				panic(err.Error())
			}
			tokenValue = TokenValuePrefix + string(tv)
		}
		defaultHeader := map[string]string{CorrectTokenHeader : tokenValue}
		cfg.DefaultHeader = defaultHeader
                k8sClient = client.NewAPIClient(cfg)

Question

Is there anything wrong with my client code or is this an issue of kubernetes-client?

kubernetes/config/azure.go

please change
ExpiresIn: l.user.AuthProvider.Config["expires-in"],
ExpiresOn: l.user.AuthProvider.Config["expires-on"],
to
ExpiresIn: json.Number(l.user.AuthProvider.Config["expires-in"]),
ExpiresOn: json.Number(l.user.AuthProvider.Config["expires-on"]),

We should support watch calls to meet Silver Requirements once swagger-codegen supports:

• Streaming responses in go client. Ref: swagger-api/swagger-codegen#8199

/assign

Please add info to https://github.com/kubernetes-client/go/blob/master/README.md about what's different between https://github.com/kubernetes-client/go and https://github.com/kubernetes/client-go (why would you use one over the other?).

Hi,

I have an AdmissionController which is running successfully and prevents some pods from getting instantiated, checking on the prescribed conditions.

But the Pod gets stuck in Terminated Status and never goes away. I also have a process that monitors for stuck pods and cleans up. It tries to delete these Terminated Pods using deleteNamespacedPod. The Api call works fine, but the Pod lingers on without getting deleted. Is the AdmissionController denial a finalizer that is holding back the Pod from getting deleted ? When I took down the Admission Controller, the clean up process was successfully able to delete the Pod.

Any insights or things I am missing in the AdmissionController ?

I appreciate any help/insights in this issue.

Thanks a lot,

-Sreeni

Im working on a MutatingAdmissionWebhook monitoring Deployment objects in Go. The webhook is running and receives the request correctly.

I am trying to read thru the Deployment->Spec->Container->env List.

I am able to get the env list, but I have ConfigMapKeyRef defined for these env vars, which is coming in as nil.

When I dumped the ValueFrom here is what I got

%!(EXTRA *v1.EnvVarSource=&EnvVarSource{FieldRef:nil,ResourceFieldRef:nil,ConfigMapKeyRef:nil,SecretKeyRef:&SecretKeySelector{LocalObjectReference:LocalObjectReference{Name:myuser,},Key:username,Optional:nil,},})

I am expecting to find a full name of the ConfigMap in the ConfigMapKeyRef.

Im running Kubernetes Client v1.14.0

Any help to solve this ?

Thanks,

-Sreeni