Fix infinite recursion loop with kube login #107
Conversation
Problem --- As raised in flavio#37 and in rancher-sandbox/rancher-desktop#1308, When using kubelogin or any other credentials benefiting from kubectl plugins, an infinite recursion loop happens. kuberlr is designed to be a built-in replacement for `kubectl` and hence replaces the `kubectl` command in the `PATH`. Using kubectl exec plugin configured as below, the Kubernetes version client will systematically execute kubectl to obtain credentials to the cluster. This will result calling `kuberlr` which will try to get the version again. ```yaml - name: schip-oidc user: exec: apiVersion: client.authentication.k8s.io/v1beta1 args: - oidc-login - get-token - --oidc-issuer-url=https://auth.example.com - --oidc-client-id=kubelogin command: kubectl ``` To prevent this infinite loop, mark the execution of `KubectlVersionToUse` in an environment variable. This way, when `kuberlr` is executed again to authenticate to Kubernetes so it can retrieve the Kubernetes version, it will systematically use the latest stable Kubectl version and avoid the infinite recursion loop. fixes: flavio#37 fixes: rancher-sandbox/rancher-desktop#1308
Signed-off-by: Flavio Castelli <[email protected]>
|
@tjamet thanks for the fix! I've done a small refactor, can you double test it please? I don't have a suitable environment |
I just tested and it worked for me. |
|
Hi @flavio would you need anything else from me to be able to move this forward? |
|
@tjamet I’m currently on vacation. I’ll look into that next week |
|
Thanks for having added the unit tests. There's a risk of the two tests influencing each other when the tests are run in parallel, but this is not going to happen since we don't have parallelism enabled. Before going on vacation I was looking into the unit tests of the project and I realized I could do some cleanups. I'm going to merge this PR, do the cleanups in the next days and then tag a new release. Thanks again for this fix! |
Problem
As raised in #37 and in rancher-sandbox/rancher-desktop#1308, When using kubelogin or any other credentials benefiting from kubectl plugins, an infinite recursion loop happens.
kuberlr is designed to be a built-in replacement for
kubectland hence replaces thekubectlcommand in thePATH.Using kubectl exec plugin configured as below,
the Kubernetes version client will systematically
execute kubectl to obtain credentials to the cluster.
This will result calling
kuberlrwhich will try to get the version again.To prevent this infinite loop, mark the execution of
KubectlVersionToUsein an environment variable.This way, when
kuberlris executed again to authenticate to Kubernetes so it can retrieve the Kubernetes version, it will systematically use the latest stable Kubectl version and avoid the infinite recursion loop.fixes: #37
fixes: rancher-sandbox/rancher-desktop#1308