Skip to content

Kubernetes authentication not working from inside the cluster #255

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
kpouget opened this issue Jul 28, 2023 · 2 comments · Fixed by #271
Closed

Kubernetes authentication not working from inside the cluster #255

kpouget opened this issue Jul 28, 2023 · 2 comments · Fixed by #271
Assignees
@Bobbins228

Comments

@kpouget
Copy link

kpouget commented Jul 28, 2023
edited
Loading

I'm running a simple code based on this example:

    from codeflare_sdk.cluster.cluster import Cluster, ClusterConfiguration

    # Create our cluster and submit appwrapper
    cluster = Cluster(ClusterConfiguration(
        namespace=namespace, name=f"{name}-user{user_idx}",
        image=image,
        min_worker=workers, max_worker=workers,
        min_cpus=cpu, max_cpus=cpu,
        min_memory=memory, max_memory=memory,
        gpu=gpu, instascale=False))

    # Bring up the cluster
    cluster.up()

but this last call fails with when deployed from the current main branch:

Traceback (most recent call last):
  File "/opt/venv/src/codeflare-sdk/src/codeflare_sdk/cluster/cluster.py", line 120, in up
    config_check()
  File "/opt/venv/src/codeflare-sdk/src/codeflare_sdk/cluster/auth.py", line 165, in config_check
    config.load_kube_config()
  File "/opt/venv/lib/python3.9/site-packages/kubernetes/config/kube_config.py", line 813, in load_kube_config
    loader = _get_kube_config_loader(
  File "/opt/venv/lib/python3.9/site-packages/kubernetes/config/kube_config.py", line 770, in _get_kube_config_loader
    raise ConfigException(
kubernetes.config.config_exception.ConfigException: Invalid kube-config file. No configuration found.

During handling of the above exception, another exception occurred:
...
File "/mnt/logs/002__run_one/sample.py", line 37, in main
  cluster.up()
File "/opt/venv/src/codeflare-sdk/src/codeflare_sdk/cluster/cluster.py", line 132, in up
  return _kube_api_error_handling(e)
File "/opt/venv/src/codeflare-sdk/src/codeflare_sdk/utils/kube_api_helpers.py", line 32, in _kube_api_error_handling
  raise PermissionError(perm_msg)
PermissionError: Action not permitted, have you put in correct/up-to-date auth credentials?

This code is running inside a Pod, and relying on the in-cluster config (token from this file: /run/secrets/kubernetes.io/serviceaccount/token)
@kpouget
Copy link
Author

kpouget commented Jul 28, 2023

Adding this test to the Kubernetes authentication should address the issue:

    if 'KUBERNETES_PORT' in os.environ:
        # os.environ['KUBERNETES_SERVICE_HOST'] = 'kubernetes'
        config.load_incluster_config()
    else:
        config.load_kube_config()

@kpouget kpouget mentioned this issue Jul 28, 2023
Merged
4 tasks
@kpouget kpouget changed the title Kubernetes authentification not working from inside the cluster Kubernetes authentication not working from inside the cluster Jul 28, 2023
@Maxusmusti
Copy link
Collaborator

@Bobbins228 from your slack thread earlier

@Bobbins228 Bobbins228 self-assigned this Aug 1, 2023
@Bobbins228 Bobbins228 mentioned this issue Aug 2, 2023
Merged
4 tasks
@Bobbins228 Bobbins228 moved this from In Progress to Ready For Review in Project CodeFlare Sprint Board Aug 2, 2023
@Bobbins228 Bobbins228 moved this from Ready For Review to In Review in Project CodeFlare Sprint Board Aug 3, 2023
@Bobbins228 Bobbins228 moved this from In Review to Ready For Review in Project CodeFlare Sprint Board Aug 17, 2023
@github-project-automation github-project-automation bot moved this from Ready For Review to Done in Project CodeFlare Sprint Board Aug 21, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@Bobbins228 Bobbins228

Labels
None yet
Projects
Project CodeFlare Sprint Board
Status: Done
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Added in cluster configuration support Bobbins228/codeflare-sdk
3 participants
@kpouget @Maxusmusti @Bobbins228