Refreshing of kubeconfig informations ... #134

Open
opened 3 months ago by sybnex · 2 comments
sybnex commented 3 months ago

Hi,

we having the following issue in a cloud setup:
During the startup of the kubewebview we are generating the kubeconfig file with correct informations and with tokens to access all the clusters.

But those tokens are just valid for one hour and we can't extend them. kubewebview does not seems to reread the kubeconfig file. It just fails after a hour to providing informations because of invalid tokens.

The main problem why we have to do this is, that the pykube module is not able to use an authprovider with an exec part in the kubeconfig. In this case, the tokens could be refeshed automatically.

So we have some workarounds, but they comes with interrupts on the dashboard (restart everything, get new tokens, etc.).

So ...

  • would it be possible to extend the pykube module for doing something like using an authprovider with exec?
    or
  • would it be possible to reread the kubeconfig after the dashboard finds that the cluster is not accessable (so we can change the token in the background)
    or
  • would it be possible to let the dashboard react on a sighub signal to reread the kubeconfig?

What are you thougts about that?

Hi, we having the following issue in a cloud setup: During the startup of the kubewebview we are generating the kubeconfig file with correct informations and with tokens to access all the clusters. But those tokens are just valid for one hour and we can't extend them. kubewebview does not seems to reread the kubeconfig file. It just fails after a hour to providing informations because of invalid tokens. The main problem why we have to do this is, that the pykube module is not able to use an authprovider with an exec part in the kubeconfig. In this case, the tokens could be refeshed automatically. So we have some workarounds, but they comes with interrupts on the dashboard (restart everything, get new tokens, etc.). So ... - would it be possible to extend the pykube module for doing something like using an authprovider with exec? or - would it be possible to reread the kubeconfig after the dashboard finds that the cluster is not accessable (so we can change the token in the background) or - would it be possible to let the dashboard react on a sighub signal to reread the kubeconfig? What are you thougts about that?
Owner

Re-reading kubeconfig makes sense, but this should already work (?), see https://codeberg.org/hjacobs/kube-web-view/src/branch/main/kube_web/cluster_discovery.py#L133 (reads config file each time). Can you try if the kubeconfig is (re-)read when going to /clusters (which calls get_clusters())?

Re-reading kubeconfig makes sense, but this should already work (?), see https://codeberg.org/hjacobs/kube-web-view/src/branch/main/kube_web/cluster_discovery.py#L133 (reads config file each time). Can you try if the kubeconfig is (re-)read when going to `/clusters` (which calls `get_clusters()`)?
Poster

Hi,

ok that seems to work. But is also a bad experience for a developer because of the error message (we had to teach around 300 developers).

ATM I do something like this:

    while True:
    	proc = subprocess.Popen(kubewebview)
        time.sleep(3500)
        refreshKubeTokens()
        proc.kill()

Maybe the get_clusters() could be called once, if the dashboard comes into the read error case?

This error appears: 401 Client Error: Unauthorized

Hi, ok that seems to work. But is also a bad experience for a developer because of the error message (we had to teach around 300 developers). ATM I do something like this: ``` while True: proc = subprocess.Popen(kubewebview) time.sleep(3500) refreshKubeTokens() proc.kill() ``` Maybe the get_clusters() could be called once, if the dashboard comes into the read error case? This error appears: 401 Client Error: Unauthorized
Sign in to join this conversation.
No Label
No Milestone
No Assignees
2 Participants
Notifications
Due Date

No due date set.

Dependencies

This issue currently doesn't have any dependencies.

Loading…
There is no content yet.