Comments (27)
I can confirm that it works with kubectl proxy
on stable WiFi :)
from dotnet-kube-client.
Hi :)
What sort of authentication is specified in your kube config? There's a chance that GKE may be using the new "script"-style authentication mechanism (which I haven't added support for yet).
from dotnet-kube-client.
I posted the relevant section of the yaml in the issue, seems like it uses what you mean. Is support for it planned?
from dotnet-kube-client.
It is now :)
from dotnet-kube-client.
Oh, and sorry I've been reading this on my phone which is why I missed the config yaml before :)
from dotnet-kube-client.
Ok - I'm going to see what's required to implement it this morning; I was hoping to get some ideas from the official client but it looks like they don't support exec-based authentication either yet. Hopefully it should be relatively easy to implement though 😄
from dotnet-kube-client.
GCP authentication seems to be something specific but there's a Go implementation I think I can reverse-engineer:
from dotnet-kube-client.
The official K8s client for C# currently suggests using kubectl proxy but I think we might be able to do better in the long run. I don't currently have a GCP cluster running so I can't test this yet but if you have a moment would you mind trying the linked workaround just so I know if the authentication is the only thing stopping us from connecting to GCP?
from dotnet-kube-client.
In the meanwhile I'll start sketching out a mechanism for authentication plugins (and implementing the GCP authentication plugin which doesn't seem all that complex, except perhaps for their use of Go-style field selector syntax such as {.token}
which we may be able to fudge).
from dotnet-kube-client.
Yeah I was hoping we could do better than that - I'm trying to reimplement kubectl in PowerShell, so it would be nice if kubectl didn't have to be used in the background to get it working.
When I try to connect to GKE through kubectl proxy, I get the error "Empty response body". However, when I try to use Postman or curl, the response body is in fact empty, so I don't think this is a bug in KubeClient. kubectl proxy logs this every time:
I0818 00:48:45.712346 67980 logs.go:41] http: proxy error: net/http: TLS handshake timeout
It might just be because I'm tethering over LTE.
from dotnet-kube-client.
I like the PS idea :)
That empty response body seems vaguely familiar - I might try digging through my mailbox to see if I can find anything.
from dotnet-kube-client.
I assume kubectl get pods
still works against gcp?
from dotnet-kube-client.
Agh, again sorry you did say - I need to stop reading issues on my phone!
from dotnet-kube-client.
What's the output of kubectl version
?
from dotnet-kube-client.
Ok, as long as kubectl
uses the command-style token provider (which from the look of your config YAML it already does), it should be pretty simple to support this (the Google-specific authentication mechanism may take a little longer so I'll probably focus on the simple case for now).
from dotnet-kube-client.
I'll have a go at building out something tomorrow (Sunday AEST) and I'll post updates here in case you want to try a preview build :)
from dotnet-kube-client.
BTW, if you're doing async stuff in a Cmdlet, you might find this useful:
https://github.com/DimensionDataResearch/cloudcontrol-powershell-core/blob/develop/src/DD.CloudControl.Powershell/AsyncCmdlet.cs
https://github.com/DimensionDataResearch/cloudcontrol-powershell-core/blob/develop/src/DD.CloudControl.Powershell/Utilities/ThreadAffinitiveSynchronizationContext.cs
(apologies if you've already worked this out, but it took me a while to get it right)
from dotnet-kube-client.
I looked at a similar thing: https://github.com/ttrider/PowerShellAsync/blob/master/PowerShellAsync/AsyncCmdlet.cs
But then I saw the issues and I was afraid to use it. So far I’ve just been using .GetAwaiter().GetResult() and a CancellationToken that gets cancelled in StopProcessing(). For Observables, I used GetEnumerable() and foreach. any reason why that wouldn’t work?
I’m a C# beginner so how threading works in C# and what a SynchronisationContext does is quite alien to me.
from dotnet-kube-client.
I wish Microsoft supported async cmdlets natively or at least had some docs on it. Maybe you should publish that class as a nuget package?
from dotnet-kube-client.
The thing I can’t figure out is how to hook the LoggerFactory up to WriteVerbose/Information/Debug/Warning, since those methods are only allowed to be called on the main thread from within Process methods
from dotnet-kube-client.
Yeah, slightly painful that one - the short answer is that if you expose the ThreadAffinitiveSynchronizationContext
(or equivalent) used while running the async method, then anything from any thread can call SynchronizationContext.Post
with a delegate and that delegate will be executed on the main thread
from dotnet-kube-client.
(you can get at it inside the Cmdlet via SychronizationContext.Current
.
from dotnet-kube-client.
Ah, so I could use that to make sure the Write calls of the logger get executed on the main thread, and then I only need to ignore them while no Process method is active.
from dotnet-kube-client.
Yep - just check if SynchonizationContext.Current is ThreadAffinitiveSynchronizationContext
from dotnet-kube-client.
@felixfbecker I'm about to start work on this - would you be up for trying it out once I've got something working?
from dotnet-kube-client.
Ok - I've tried the new code in the feature/auth-cmd
branch against GKE and it works! If you have a moment, would you mind trying it for yourself to see if it works for you?
In the meanwhile I'll see what I can do about using the existing cached token, if present in ~/.kube/config
.
from dotnet-kube-client.
Ok, this should be working now in the latest release :)
Feel free to reopen if it doesn't work for you.
from dotnet-kube-client.
Related Issues (20)
- How is the ApiEndPoint configured for this parameter HOT 5
- Can I debug and load configMap locally? HOT 26
- IEventClientV1 fails to convert time value HOT 15
- Error while trying to create HorizontalPodAutoscaler with DynamicResourceClient HOT 7
- Aysnc methods on resource clients do not use standard Async naming conventions HOT 3
- Access full details of STATUS column from "kubectl get pod" HOT 1
- No authentication needed for url HOT 2
- KubeClient.Models.ObjectMetaV1.Annotations Should not be read-only
- Metadata doesn't get built for write-only models HOT 3
- WatchAll is missing for some resources HOT 4
- Field selectors for pods not implemented HOT 6
- Credential Plugins (AKS / AAD) Support HOT 1
- Detect current Pod namespace HOT 4
- Cannot find resource API for kind for Istio CRD HOT 6
- Upgrade to a newer version of YamlDotNet HOT 1
- CVE-2018-8292 | System.Net.Http HOT 2
- ExecAndConnect example yields 403 Forbidden HOT 1
- Cannot get output when using ExecAndConnect HOT 3
- Periods in ConfigMap keys get replaced by colons without any possibility of escape. HOT 7
- The Pod WatchAll will fail in about half an hour HOT 14
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from dotnet-kube-client.