Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Automatically obtain hosts and tokens from ~/.kube/config #14

Open
leifericf opened this issue Oct 24, 2023 · 1 comment
Open

Automatically obtain hosts and tokens from ~/.kube/config #14

leifericf opened this issue Oct 24, 2023 · 1 comment

Comments

@leifericf
Copy link

leifericf commented Oct 24, 2023
edited
Loading

I've been struggling to obtain the correct hosts and (decoded) tokens from the ~/.kube/config directory on my developer machine to use this library for a few days. This has become a bigger challenge than I anticipated, as my organization uses Azure CLI with certificates to obtain these tokens for several environments via Azure Active Directory/SSO with 2FA.

Upon researching, I discovered that the official Kubernetes clients support automatically loading config files from ~/.kube/config. Here is the relevant code from their Java client, and for their JavaScript client. In particular, loadFromDetault (link) or loadFromCluster (link) seem to be the relevant functions from the JavaScript client.

The Clojure library kube-api (link) also contains an implementation in kubeconfig.clj (link) and auth.clj (link).

Another reference that might be useful is the K9s codebase (here is their config-related Go package).

Would it be interesting to have a similar feature implemented in k8s-api? This could make it easier for people with their requisite hosts and tokens in their ~/.kube/config directory to use the library with less hassle.

One possible implementation might be to use the official Kubernetes Java client to avoid porting all that code to Clojure. However, creating that dependency and using Java interop might not be desirable.
@leifericf leifericf changed the title Automatically obtain certificates and tokens from ~/.kube/config Automatically obtain hosts and tokens from ~/.kube/config Oct 24, 2023
@leifericf
Copy link
Author

leifericf commented Oct 24, 2023
edited
Loading

Here is how I'm currently shelling out to kubectl to obtain the K8s servers from my ~/.kube/config file. I'm working on a similar approach to load and decode the tokens, but I haven't been able to get it working (yet).

(ns kubernetes
  (:require [cheshire.core :as json]
            [clojure.java.shell :as shell]))

(defn- sh-out->json [opts & args]
  (-> (apply shell/sh opts args)
      :out
      (json/parse-string keyword)))

(defn- get-servers [k8s-config]
  (for [{:keys [name cluster]} (:clusters k8s-config)]
    {:name name :server (:server cluster)}))

(def servers
  (-> (sh-out->json "kubectl" "config" "view" "-o" "json")
      get-servers))

I've been referencing this guide for loading and decoding the tokens for use via curl.

(defn- get-tokens [secrets]
  ;; How to select and decode tokens correctly?
  )

(def tokens
  (-> (sh-out->json "kubectl" "get" "secrets" "-o" "json")
      get-tokens))

I suppose I must also match the correct server with the correct (decoded) token somehow.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@leifericf