From f7edbd37bcd5dd173c684b68cb3cf27572893fa3 Mon Sep 17 00:00:00 2001 From: Lin Yang Date: Sat, 7 Jan 2023 00:13:05 +0800 Subject: [PATCH] fix: out-of-cluster kubeconfig permission denied (#28) * fix: out-of-cluster kubeconfig permission denied Signed-off-by: Lin Yang * fix: pointer Signed-off-by: Lin Yang * fix: yaml.Unmarshall Signed-off-by: Lin Yang * fix: use clientcmd.Load() to read kubeconfig Signed-off-by: Lin Yang Signed-off-by: Lin Yang --- README.md | 6 ++--- VERSION | 4 ++-- charts/erie-canal/Chart.lock | 6 ++--- charts/erie-canal/Chart.yaml | 6 ++--- charts/namespaced-ingress/Chart.lock | 6 ++--- charts/namespaced-ingress/Chart.yaml | 6 ++--- charts/tpls/Chart.yaml | 4 ++-- .../cluster/v1alpha1/cluster_controller.go | 22 +++++++------------ samples/setup/readme.md | 6 ++--- 9 files changed, 30 insertions(+), 36 deletions(-) diff --git a/README.md b/README.md index dc57045..982d2b3 100644 --- a/README.md +++ b/README.md @@ -30,7 +30,7 @@ To install the chart with the release name `ec` run: ```bash $ helm repo add ec https://ec.flomesh.io -$ helm install ec ec/erie-canal --namespace erie-canal --create-namespace --version=0.1.0-beta.1 +$ helm install ec ec/erie-canal --namespace erie-canal --create-namespace --version=0.1.0-beta.2 ``` The command deploys ErieCanal on the Kubernetes cluster using the default configuration in namespace `erie-canal` and creates the namespace if it doesn't exist. The [configuration](#configuration) section lists the parameters that can be configured during installation. 
@@ -52,12 +52,12 @@ The command removes all the Kubernetes components associated with the chart and Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, ```bash -$ helm install ec ec/erie-canal --namespace erie-canal --create-namespace --version=0.1.0-beta.1 \ +$ helm install ec ec/erie-canal --namespace erie-canal --create-namespace --version=0.1.0-beta.2 \ --set ec.image.pullPolicy=Always ``` Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example, ```bash -$ helm install ec ec/erie-canal --namespace erie-canal --create-namespace --version=0.1.0-beta.1 -f values-override.yaml +$ helm install ec ec/erie-canal --namespace erie-canal --create-namespace --version=0.1.0-beta.2 -f values-override.yaml ``` diff --git a/VERSION b/VERSION index b6bf782..4cf99c0 100644 --- a/VERSION +++ b/VERSION @@ -1,4 +1,4 @@ -APP_VERSION=0.1.0-beta.1 -HELM_CHART_VERSION=0.1.0-beta.1 +APP_VERSION=0.1.0-beta.2 +HELM_CHART_VERSION=0.1.0-beta.2 K8S_VERSION=1.25.5 ENVTEST_K8S_VERSION=1.25 \ No newline at end of file diff --git a/charts/erie-canal/Chart.lock b/charts/erie-canal/Chart.lock index 62c0a15..df77e6b 100644 --- a/charts/erie-canal/Chart.lock +++ b/charts/erie-canal/Chart.lock @@ -1,9 +1,9 @@ dependencies: - name: tpls repository: file://../tpls - version: 0.1.0-beta.1 + version: 0.1.0-beta.2 - name: cert-manager repository: https://charts.jetstack.io version: v1.7.3 -digest: sha256:6f25673c0a513753d0af9d361b7eb4f4bab33b7a0bf0f5843f237158e3028c0f -generated: "2023-01-05T15:06:24.97818+08:00" +digest: sha256:0ad3f0f55e3e64241c9a04f2cc35d3f2b7e0b6ce277812460f8ecb28e4d156fa +generated: "2023-01-06T22:37:25.311541+08:00" diff --git a/charts/erie-canal/Chart.yaml b/charts/erie-canal/Chart.yaml index a19c2c0..f2e8737 100644 --- a/charts/erie-canal/Chart.yaml +++ b/charts/erie-canal/Chart.yaml 
@@ -18,13 +18,13 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.0-beta.1 +version: 0.1.0-beta.2 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. # It is recommended to use it with quotes. -appVersion: "0.1.0-beta.1" +appVersion: "0.1.0-beta.2" keywords: - kubernetes @@ -48,7 +48,7 @@ sources: dependencies: - name: tpls - version: 0.1.0-beta.1 + version: 0.1.0-beta.2 repository: file://../tpls - name: cert-manager version: 1.7.3 diff --git a/charts/namespaced-ingress/Chart.lock b/charts/namespaced-ingress/Chart.lock index 79c1820..641985c 100644 --- a/charts/namespaced-ingress/Chart.lock +++ b/charts/namespaced-ingress/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: tpls repository: file://../tpls - version: 0.1.0-beta.1 -digest: sha256:1dc9e6800a8d65a9a7dc4260e56113a0dd0959d23f029bc347dc75b38d931ead -generated: "2023-01-05T15:06:32.001917+08:00" + version: 0.1.0-beta.2 +digest: sha256:c72c4d49da78f1f3ac6322dc30c3373a5ed431ddc73810028ecb47ca975e04c5 +generated: "2023-01-06T22:37:33.128013+08:00" diff --git a/charts/namespaced-ingress/Chart.yaml b/charts/namespaced-ingress/Chart.yaml index f099f2b..1c98494 100644 --- a/charts/namespaced-ingress/Chart.yaml +++ b/charts/namespaced-ingress/Chart.yaml 
@@ -16,15 +16,15 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.0-beta.1 +version: 0.1.0-beta.2 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. # It is recommended to use it with quotes. -appVersion: "0.1.0-beta.1" +appVersion: "0.1.0-beta.2" dependencies: - name: tpls - version: 0.1.0-beta.1 + version: 0.1.0-beta.2 repository: file://../tpls diff --git a/charts/tpls/Chart.yaml b/charts/tpls/Chart.yaml index 743f6f5..603e645 100644 --- a/charts/tpls/Chart.yaml +++ b/charts/tpls/Chart.yaml @@ -15,10 +15,10 @@ type: library # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.0-beta.1 +version: 0.1.0-beta.2 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. # It is recommended to use it with quotes. -appVersion: "0.1.0-beta.1" +appVersion: "0.1.0-beta.2" diff --git a/controllers/cluster/v1alpha1/cluster_controller.go b/controllers/cluster/v1alpha1/cluster_controller.go index 2826dc7..b6364ee 100644 --- a/controllers/cluster/v1alpha1/cluster_controller.go +++ b/controllers/cluster/v1alpha1/cluster_controller.go 
@@ -31,7 +31,6 @@ import ( "github.com/flomesh-io/ErieCanal/pkg/kube" "github.com/flomesh-io/ErieCanal/pkg/repo" "github.com/flomesh-io/ErieCanal/pkg/util" - "io/ioutil" appv1 "k8s.io/api/apps/v1" corev1 "k8s.io/api/core/v1" "k8s.io/apimachinery/pkg/api/errors" @@ -40,13 +39,11 @@ import ( "k8s.io/apimachinery/pkg/runtime" "k8s.io/client-go/rest" "k8s.io/client-go/tools/clientcmd" + clientcmdapi "k8s.io/client-go/tools/clientcmd/api" "k8s.io/client-go/tools/record" "k8s.io/klog/v2" - "os" - "path/filepath" ctrl "sigs.k8s.io/controller-runtime" "sigs.k8s.io/controller-runtime/pkg/client" - "strings" "sync" "time" ) @@ -273,19 +270,16 @@ func getKubeConfig(cluster *clusterv1alpha1.Cluster) (*rest.Config, ctrl.Result, } func remoteKubeConfig(cluster *clusterv1alpha1.Cluster) (*rest.Config, ctrl.Result, error) { - if _, err := os.Stat(clientcmd.RecommendedConfigDir); os.IsNotExist(err) { - if err := os.MkdirAll(clientcmd.RecommendedConfigDir, 0644); err != nil { - return nil, ctrl.Result{}, err + // use the current context in kubeconfig + kubeconfig, err := clientcmd.BuildConfigFromKubeconfigGetter("", func() (*clientcmdapi.Config, error) { + cfg, err := clientcmd.Load([]byte(cluster.Spec.Kubeconfig)) + if err != nil { + return nil, err } - } - kubeconfigPath := filepath.Join(clientcmd.RecommendedConfigDir, strings.ReplaceAll(cluster.Key(), "/", "-")) - if err := ioutil.WriteFile(kubeconfigPath, []byte(cluster.Spec.Kubeconfig), 0644); err != nil { - return nil, ctrl.Result{}, err - } + return cfg, nil + }) - // use the current context in kubeconfig - kubeconfig, err := clientcmd.BuildConfigFromFlags("", kubeconfigPath) if err != nil { return nil, ctrl.Result{}, err } diff --git a/samples/setup/readme.md b/samples/setup/readme.md index 84fea28..72597f6 100644 --- a/samples/setup/readme.md +++ b/samples/setup/readme.md 
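Review bot: The getter passed to `clientcmd.BuildConfigFromKubeconfigGetter` returns whatever `clientcmd.Load` parses out of `cluster.Spec.Kubeconfig`, with no check on what that document asks client-go to do. A kubeconfig can carry `exec` or `auth-provider` user entries, which client-go runs inside the controller process, and path fields such as `tokenFile`, `client-certificate`, `client-key` and `certificate-authority`, which are read from the controller's own filesystem. If the principals allowed to create or edit Cluster objects are less trusted than the controller (not visible in this hunk), the field gives them more reach than intended. I would reject those entries in the getter and accept inline data only, as in the excerpt below; it uses `fmt.Errorf`, so `fmt` has to be in the import block if it is not already. `remoteKubeConfig` continues past the end of the hunk.

```go
kubeconfig, err := clientcmd.BuildConfigFromKubeconfigGetter("", func() (*clientcmdapi.Config, error) {
	// … unchanged: clientcmd.Load and its error check …

	// Accept inline credentials only: exec and auth-provider entries run
	// code in the controller, and path fields read the controller's files.
	for name, user := range cfg.AuthInfos {
		if user.Exec != nil || user.AuthProvider != nil || user.TokenFile != "" ||
			user.ClientCertificate != "" || user.ClientKey != "" {
			return nil, fmt.Errorf("kubeconfig user %q: only inline credentials are accepted", name)
		}
	}
	for name, c := range cfg.Clusters {
		if c.CertificateAuthority != "" {
			return nil, fmt.Errorf("kubeconfig cluster %q: only inline CA data is accepted", name)
		}
	}
	return cfg, nil
```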
@@ -44,7 +44,7 @@ Not sure what to do next? 😅 Check out https://kind.sigs.k8s.io/docs/user/qui #### Install ErieCanal to Control Plane ```shell -helm install --namespace erie-canal --create-namespace --set ec.version=0.1.0-beta.1-dev --set ec.logLevel=5 --set ec.serviceLB.enabled=true erie-canal charts/erie-canal/ +helm install --namespace erie-canal --create-namespace --set ec.version=0.1.0-beta.2-dev --set ec.logLevel=5 --set ec.serviceLB.enabled=true erie-canal charts/erie-canal/ ``` ### Cluster 1 @@ -73,7 +73,7 @@ Not sure what to do next? 😅 Check out https://kind.sigs.k8s.io/docs/user/qui #### Install ErieCanal to Cluster1 ```shell -helm install --namespace erie-canal --create-namespace --set ec.version=0.1.0-beta.1-dev --set ec.logLevel=5 --set ec.serviceLB.enabled=true erie-canal charts/erie-canal/ +helm install --namespace erie-canal --create-namespace --set ec.version=0.1.0-beta.2-dev --set ec.logLevel=5 --set ec.serviceLB.enabled=true erie-canal charts/erie-canal/ ``` ### Cluster 2 @@ -102,7 +102,7 @@ Not sure what to do next? 😅 Check out https://kind.sigs.k8s.io/docs/user/qui #### Install ErieCanal to Cluster2 ```shell -helm install --namespace erie-canal --create-namespace --set ec.version=0.1.0-beta.1-dev --set ec.logLevel=5 --set ec.serviceLB.enabled=true erie-canal charts/erie-canal/ +helm install --namespace erie-canal --create-namespace --set ec.version=0.1.0-beta.2-dev --set ec.logLevel=5 --set ec.serviceLB.enabled=true erie-canal charts/erie-canal/ ``` ## Create/Update Cluster CRD yamls