From 803a05074b817c5b56d0471ccae61af7753e9b0c Mon Sep 17 00:00:00 2001
From: "jbarrick@mesosphere.com"
Date: Wed, 20 May 2020 14:29:50 -0700
Subject: [PATCH 1/3] Pass empty kubeconfig path when loading default Kubernetes configuration
Previously, in-cluster configuration could not be used because the ExplicitPath was always set in the `ClientConfigLoadingRules`. If `ExplicitPath` is not set, `ClientConfigLoadingRules` will look up all of the standard environment variables to find the kubeconfig file, including supporting in cluster authentication. We leave the `kubeconfig` parameter on `FromKubeConfig` to support explicitly setting the path and also to not change the signature. This will fix docker/buildx#256 once the docker/cli dependency is updated.
Signed-off-by: jbarrick@mesosphere.com
---
 cli/command/context/options.go | 7 +------
 cli/context/kubernetes/load.go | 12 +++---------
 cli/context/kubernetes/save.go | 1 +
 3 files changed, 5 insertions(+), 15 deletions(-)
diff --git a/cli/command/context/options.go b/cli/command/context/options.go
index 977926397469..803d2df5d5ef 100644
--- a/cli/command/context/options.go
+++ b/cli/command/context/options.go
@@ -186,12 +186,7 @@ func getKubernetesEndpoint(dockerCli command.Cli, config map[string]string) (*ku
 return &res, nil
 }
- // fallback to env-based kubeconfig
- kubeconfig := os.Getenv("KUBECONFIG")
- if kubeconfig == "" {
- kubeconfig = filepath.Join(homedir.Get(), ".kube/config")
- }
- ep, err := kubernetes.FromKubeConfig(kubeconfig, "", "")
+ ep, err := kubernetes.FromKubeConfig("", "", "")
 if err != nil {
 return nil, err
 }
diff --git a/cli/context/kubernetes/load.go b/cli/context/kubernetes/load.go
index 99f2a00ea0ca..4b759dd7d0f3 100644
--- a/cli/context/kubernetes/load.go
+++ b/cli/context/kubernetes/load.go
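Review bot: The call `kubernetes.FromKubeConfig("", "", "")` in getKubernetesEndpoint no longer says where the endpoint and its credentials come from, because the removed `// fallback to env-based kubeconfig` comment was the only explanation at this call site. A replacement such as `// empty path: FromKubeConfig applies the default kubeconfig loading rules` would help, worded to match what FromKubeConfig does once the whole series is applied. Per the commit message the lookup is also meant to cover in-cluster authentication, so the credential source is now ambient rather than one resolved path, which is worth stating here. The function body starts and ends outside this hunk.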
@@ -1,14 +1,10 @@
 package kubernetes
 import (
- "os"
- "path/filepath"
-
 "github.com/docker/cli/cli/command"
 "github.com/docker/cli/cli/context"
 "github.com/docker/cli/cli/context/store"
 api "github.com/docker/compose-on-kubernetes/api"
- "github.com/docker/docker/pkg/homedir"
 "github.com/pkg/errors"
 "k8s.io/client-go/tools/clientcmd"
 clientcmdapi "k8s.io/client-go/tools/clientcmd/api"
@@ -22,6 +18,7 @@ type EndpointMeta struct {
 AuthProvider *clientcmdapi.AuthProviderConfig `json:",omitempty"`
 Exec *clientcmdapi.ExecConfig `json:",omitempty"`
 UsernamePassword *UsernamePassword `json:"usernamePassword,omitempty"`
+ Token string `json:"token,omitempty"`
 }
 // UsernamePassword contains username/password auth info
@@ -64,6 +61,7 @@ func (c *Endpoint) KubernetesConfig() clientcmd.ClientConfig {
 cluster.Server = c.Host
 cluster.InsecureSkipTLSVerify = c.SkipTLSVerify
 authInfo := clientcmdapi.NewAuthInfo()
+ authInfo.Token = c.Token
 if c.TLSData != nil {
 cluster.CertificateAuthorityData = c.TLSData.CA
 authInfo.ClientCertificateData = c.TLSData.Cert
@@ -89,11 +87,7 @@ func (c *Endpoint) KubernetesConfig() clientcmd.ClientConfig {
 // ResolveDefault returns endpoint metadata for the default Kubernetes
 // endpoint, which is derived from the env-based kubeconfig.
 func (c *EndpointMeta) ResolveDefault(stackOrchestrator command.Orchestrator) (interface{}, *store.EndpointTLSData, error) {
- kubeconfig := os.Getenv("KUBECONFIG")
- if kubeconfig == "" {
- kubeconfig = filepath.Join(homedir.Get(), ".kube/config")
- }
- kubeEP, err := FromKubeConfig(kubeconfig, "", "")
+ kubeEP, err := FromKubeConfig("", "", "")
 if err != nil {
 if stackOrchestrator == command.OrchestratorKubernetes || stackOrchestrator == command.OrchestratorAll {
 return nil, nil, errors.Wrapf(err, "default orchestrator is %s but unable to resolve kubernetes endpoint", stackOrchestrator)
diff --git a/cli/context/kubernetes/save.go b/cli/context/kubernetes/save.go
index 032a01d46ab9..9b4e5bf3d0de 100644
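Review bot: The new `Token` field on EndpointMeta is serialised with the rest of the endpoint metadata (`json:"token,omitempty"`), so a bearer token sits next to non-secret fields instead of travelling with the key material in `store.EndpointTLSData`. If this struct is what gets written to the context store and printed when a context is inspected or exported (not visible in this hunk, so to be confirmed), the token ends up there in plain text. At minimum the field needs a doc comment such as `// Token is a bearer token; it is a credential and is persisted with the endpoint metadata`. The same concern applies where it is consumed in the KubernetesConfig hunk (`authInfo.Token = c.Token`) and where it is populated in save.go. Consider whether it belongs with the secret data instead.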
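Review bot: The doc comment kept as context above ResolveDefault still says the default endpoint "is derived from the env-based kubeconfig", but with `FromKubeConfig("", "", "")` the lookup is delegated to whatever FromKubeConfig does for an empty path. Per the commit message that is meant to include in-cluster authentication, so the second comment line could read `// endpoint, which is resolved through the default kubeconfig loading rules.` with the in-cluster case named explicitly. A test that points KUBECONFIG at a temporary file and checks the resolved host would pin the behaviour. The function continues past the end of the hunk.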
--- a/cli/context/kubernetes/save.go
+++ b/cli/context/kubernetes/save.go
@@ -56,6 +56,7 @@ func FromKubeConfig(kubeconfig, kubeContext, namespaceOverride string) (Endpoint
 AuthProvider: clientcfg.AuthProvider,
 Exec: clientcfg.ExecProvider,
 UsernamePassword: usernamePassword,
+ Token: clientcfg.BearerToken,
 },
 TLSData: tlsData,
 }, nil
From 80db7483269d46b94cbd924e3218f2216c0f7677 Mon Sep 17 00:00:00 2001
From: "jbarrick@mesosphere.com"
Date: Thu, 21 May 2020 12:03:14 -0700
Subject: [PATCH 2/3] Fix some build issues.
Signed-off-by: jbarrick@mesosphere.com
---
 cli/command/context/options.go | 3 ---
 1 file changed, 3 deletions(-)
diff --git a/cli/command/context/options.go b/cli/command/context/options.go
index 803d2df5d5ef..2f0b0084e85d 100644
--- a/cli/command/context/options.go
+++ b/cli/command/context/options.go
@@ -2,8 +2,6 @@ package context
 import (
 "fmt"
- "os"
- "path/filepath"
 "strconv"
 "strings"
@@ -13,7 +11,6 @@ import (
 "github.com/docker/cli/cli/context/kubernetes"
 "github.com/docker/cli/cli/context/store"
 "github.com/docker/docker/client"
- "github.com/docker/docker/pkg/homedir"
 "github.com/pkg/errors"
 )
From 88d1d4b43782fe7e5d1c8bc4b488365b037b1c08 Mon Sep 17 00:00:00 2001
From: "jbarrick@mesosphere.com"
Date: Thu, 21 May 2020 14:02:53 -0700
Subject: [PATCH 3/3] use the default loading rules unless kubeconfig is specified
Signed-off-by: jbarrick@mesosphere.com
---
 cli/context/kubernetes/save.go | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/cli/context/kubernetes/save.go b/cli/context/kubernetes/save.go
index 9b4e5bf3d0de..4183db464ac1 100644
--- a/cli/context/kubernetes/save.go
+++ b/cli/context/kubernetes/save.go
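Review bot: In the save.go hunk of patch 1/3, `Token: clientcfg.BearerToken` copies the token value at the moment the endpoint is built, and nothing records the file it may have been read from. Assuming `clientcfg` is the client-go REST config (its declaration is outside the hunk), a token sourced from a service-account token file can be rotated, so a context saved from in-cluster configuration may stop authenticating once the copied value expires. A comment on that line, for example `// snapshot of the bearer token; not refreshed if the source token file rotates`, would make the limitation explicit. FromKubeConfig's body starts and ends outside the hunk.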
@@ -10,8 +10,13 @@ import (
 // FromKubeConfig creates a Kubernetes endpoint from a Kubeconfig file
 func FromKubeConfig(kubeconfig, kubeContext, namespaceOverride string) (Endpoint, error) {
+ loadingRules := clientcmd.NewDefaultClientConfigLoadingRules()
+ if kubeconfig != "" {
+ loadingRules = &clientcmd.ClientConfigLoadingRules{ExplicitPath: kubeconfig}
+ }
+
 cfg := clientcmd.NewNonInteractiveDeferredLoadingClientConfig(
- &clientcmd.ClientConfigLoadingRules{ExplicitPath: kubeconfig},
+ loadingRules,
 &clientcmd.ConfigOverrides{CurrentContext: kubeContext, Context: clientcmdapi.Context{Namespace: namespaceOverride}})
 ns, _, err := cfg.Namespace()
 if err != nil {
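Review bot: The doc comment on FromKubeConfig still reads "creates a Kubernetes endpoint from a Kubeconfig file", which no longer covers the new branch where an empty `kubeconfig` selects `clientcmd.NewDefaultClientConfigLoadingRules()`. I would extend it to `// FromKubeConfig creates a Kubernetes endpoint from the kubeconfig file at kubeconfig, or, when kubeconfig is empty, from client-go's default loading rules.` Callers then know that an empty path makes the credential source depend on the process environment. Neither branch appears to be covered by a test in this series; one case with an explicit path and one with KUBECONFIG set and an empty argument would pin the behaviour. The function body continues past the end of the hunk.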