fix: out-of-cluster kubeconfig permission denied (#28)

* fix: out-of-cluster kubeconfig permission denied Signed-off-by: Lin Yang <[email protected]> * fix: pointer Signed-off-by: Lin Yang <[email protected]> * fix: yaml.Unmarshall Signed-off-by: Lin Yang <[email protected]> * fix: use clientcmd.Load() to read kubeconfig Signed-off-by: Lin Yang <[email protected]> Signed-off-by: Lin Yang <[email protected]>
flomesh-io · Jan 6, 2023 · f7edbd3 · f7edbd3
1 parent 9103465
commit f7edbd3
Show file tree

Hide file tree

Showing 9 changed files with 30 additions and 36 deletions.
diff --git a/README.md b/README.md
@@ -30,7 +30,7 @@ To install the chart with the release name `ec` run:
 
 ```bash
 $ helm repo add ec https://ec.flomesh.io
-$ helm install ec ec/erie-canal --namespace erie-canal --create-namespace --version=0.1.0-beta.1
+$ helm install ec ec/erie-canal --namespace erie-canal --create-namespace --version=0.1.0-beta.2
 ```
 
 The command deploys ErieCanal on the Kubernetes cluster using the default configuration in namespace `erie-canal` and creates the namespace if it doesn't exist. The [configuration](#configuration) section lists the parameters that can be configured during installation.
@@ -52,12 +52,12 @@ The command removes all the Kubernetes components associated with the chart and
 Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
 
 ```bash
-$ helm install ec ec/erie-canal --namespace erie-canal --create-namespace --version=0.1.0-beta.1 \
+$ helm install ec ec/erie-canal --namespace erie-canal --create-namespace --version=0.1.0-beta.2 \
   --set ec.image.pullPolicy=Always
 ```
 
 Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example,
 
 ```bash
-$ helm install ec ec/erie-canal --namespace erie-canal --create-namespace --version=0.1.0-beta.1 -f values-override.yaml
+$ helm install ec ec/erie-canal --namespace erie-canal --create-namespace --version=0.1.0-beta.2 -f values-override.yaml
 ```
diff --git a/VERSION b/VERSION
@@ -1,4 +1,4 @@
-APP_VERSION=0.1.0-beta.1
-HELM_CHART_VERSION=0.1.0-beta.1
+APP_VERSION=0.1.0-beta.2
+HELM_CHART_VERSION=0.1.0-beta.2
 K8S_VERSION=1.25.5
 ENVTEST_K8S_VERSION=1.25
diff --git a/charts/erie-canal/Chart.lock b/charts/erie-canal/Chart.lock
@@ -1,9 +1,9 @@
 dependencies:
 - name: tpls
   repository: file://../tpls
-  version: 0.1.0-beta.1
+  version: 0.1.0-beta.2
 - name: cert-manager
   repository: https://charts.jetstack.io
   version: v1.7.3
-digest: sha256:6f25673c0a513753d0af9d361b7eb4f4bab33b7a0bf0f5843f237158e3028c0f
-generated: "2023-01-05T15:06:24.97818+08:00"
+digest: sha256:0ad3f0f55e3e64241c9a04f2cc35d3f2b7e0b6ce277812460f8ecb28e4d156fa
+generated: "2023-01-06T22:37:25.311541+08:00"
diff --git a/charts/erie-canal/Chart.yaml b/charts/erie-canal/Chart.yaml
@@ -18,13 +18,13 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.1.0-beta.1
+version: 0.1.0-beta.2
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
-appVersion: "0.1.0-beta.1"
+appVersion: "0.1.0-beta.2"
 
 keywords:
   - kubernetes
@@ -48,7 +48,7 @@ sources:
 
 dependencies:
 - name: tpls
-  version: 0.1.0-beta.1
+  version: 0.1.0-beta.2
   repository: file://../tpls
 - name: cert-manager
   version: 1.7.3

diff --git a/charts/namespaced-ingress/Chart.lock b/charts/namespaced-ingress/Chart.lock
@@ -1,6 +1,6 @@
 dependencies:
 - name: tpls
   repository: file://../tpls
-  version: 0.1.0-beta.1
-digest: sha256:1dc9e6800a8d65a9a7dc4260e56113a0dd0959d23f029bc347dc75b38d931ead
-generated: "2023-01-05T15:06:32.001917+08:00"
+  version: 0.1.0-beta.2
+digest: sha256:c72c4d49da78f1f3ac6322dc30c3373a5ed431ddc73810028ecb47ca975e04c5
+generated: "2023-01-06T22:37:33.128013+08:00"
diff --git a/charts/namespaced-ingress/Chart.yaml b/charts/namespaced-ingress/Chart.yaml
@@ -16,15 +16,15 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.1.0-beta.1
+version: 0.1.0-beta.2
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
-appVersion: "0.1.0-beta.1"
+appVersion: "0.1.0-beta.2"
 
 dependencies:
   - name: tpls
-    version: 0.1.0-beta.1
+    version: 0.1.0-beta.2
     repository: file://../tpls
diff --git a/charts/tpls/Chart.yaml b/charts/tpls/Chart.yaml
@@ -15,10 +15,10 @@ type: library
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.1.0-beta.1
+version: 0.1.0-beta.2
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
-appVersion: "0.1.0-beta.1"
+appVersion: "0.1.0-beta.2"
diff --git a/controllers/cluster/v1alpha1/cluster_controller.go b/controllers/cluster/v1alpha1/cluster_controller.go
@@ -31,7 +31,6 @@ import (
 	"github.com/flomesh-io/ErieCanal/pkg/kube"
 	"github.com/flomesh-io/ErieCanal/pkg/repo"
 	"github.com/flomesh-io/ErieCanal/pkg/util"
-	"io/ioutil"
 	appv1 "k8s.io/api/apps/v1"
 	corev1 "k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/api/errors"
@@ -40,13 +39,11 @@ import (
 	"k8s.io/apimachinery/pkg/runtime"
 	"k8s.io/client-go/rest"
 	"k8s.io/client-go/tools/clientcmd"
+	clientcmdapi "k8s.io/client-go/tools/clientcmd/api"
 	"k8s.io/client-go/tools/record"
 	"k8s.io/klog/v2"
-	"os"
-	"path/filepath"
 	ctrl "sigs.k8s.io/controller-runtime"
 	"sigs.k8s.io/controller-runtime/pkg/client"
-	"strings"
 	"sync"
 	"time"
 )
@@ -273,19 +270,16 @@ func getKubeConfig(cluster *clusterv1alpha1.Cluster) (*rest.Config, ctrl.Result,
 }
 
 func remoteKubeConfig(cluster *clusterv1alpha1.Cluster) (*rest.Config, ctrl.Result, error) {
-	if _, err := os.Stat(clientcmd.RecommendedConfigDir); os.IsNotExist(err) {
-		if err := os.MkdirAll(clientcmd.RecommendedConfigDir, 0644); err != nil {
-			return nil, ctrl.Result{}, err
+	// use the current context in kubeconfig
+	kubeconfig, err := clientcmd.BuildConfigFromKubeconfigGetter("", func() (*clientcmdapi.Config, error) {
+		cfg, err := clientcmd.Load([]byte(cluster.Spec.Kubeconfig))
+		if err != nil {
+			return nil, err
 		}
-	}
 
-	kubeconfigPath := filepath.Join(clientcmd.RecommendedConfigDir, strings.ReplaceAll(cluster.Key(), "/", "-"))
-	if err := ioutil.WriteFile(kubeconfigPath, []byte(cluster.Spec.Kubeconfig), 0644); err != nil {
-		return nil, ctrl.Result{}, err
-	}
+		return cfg, nil
+	})
 
-	// use the current context in kubeconfig
-	kubeconfig, err := clientcmd.BuildConfigFromFlags("", kubeconfigPath)
 	if err != nil {
 		return nil, ctrl.Result{}, err
 	}

diff --git a/samples/setup/readme.md b/samples/setup/readme.md
@@ -44,7 +44,7 @@ Not sure what to do next? 😅  Check out https://kind.sigs.k8s.io/docs/user/qui
 
 #### Install ErieCanal to Control Plane
 ```shell
-helm install --namespace erie-canal --create-namespace --set ec.version=0.1.0-beta.1-dev --set ec.logLevel=5 --set ec.serviceLB.enabled=true erie-canal charts/erie-canal/
+helm install --namespace erie-canal --create-namespace --set ec.version=0.1.0-beta.2-dev --set ec.logLevel=5 --set ec.serviceLB.enabled=true erie-canal charts/erie-canal/
 ```
 
 ### Cluster 1
@@ -73,7 +73,7 @@ Not sure what to do next? 😅  Check out https://kind.sigs.k8s.io/docs/user/qui
 
 #### Install ErieCanal to Cluster1
 ```shell
-helm install --namespace erie-canal --create-namespace --set ec.version=0.1.0-beta.1-dev --set ec.logLevel=5 --set ec.serviceLB.enabled=true erie-canal charts/erie-canal/
+helm install --namespace erie-canal --create-namespace --set ec.version=0.1.0-beta.2-dev --set ec.logLevel=5 --set ec.serviceLB.enabled=true erie-canal charts/erie-canal/
 ```
 
 ### Cluster 2
@@ -102,7 +102,7 @@ Not sure what to do next? 😅  Check out https://kind.sigs.k8s.io/docs/user/qui
 
 #### Install ErieCanal to Cluster2
 ```shell
-helm install --namespace erie-canal --create-namespace --set ec.version=0.1.0-beta.1-dev --set ec.logLevel=5 --set ec.serviceLB.enabled=true erie-canal charts/erie-canal/
+helm install --namespace erie-canal --create-namespace --set ec.version=0.1.0-beta.2-dev --set ec.logLevel=5 --set ec.serviceLB.enabled=true erie-canal charts/erie-canal/
 ```
 
 ## Create/Update Cluster CRD yamls