kubectl apply --dry-run=client attempts to connect to the server #1589

Open
mjj29 opened this issue Apr 23, 2024 · 7 comments
Labels
kind/feature Categorizes issue or PR as related to a new feature. needs-sig Indicates an issue or PR lacks a `sig/foo` label and requires one. priority/backlog Higher priority than priority/awaiting-more-evidence. sig/cli Categorizes an issue or PR as relevant to SIG CLI. triage/accepted Indicates an issue or PR is ready to be actively worked on.

Comments

@mjj29

mjj29 commented Apr 23, 2024

What happened?

I have an environment which doesn't have server credentials for security reasons for running PR checks on our gitops repository (post-merge actual application has a separate environment with credentials). I would like to do a dry-run check on the validity of the configuration in the PR, without having cluster credentials.

When I ran kubectl apply -f output --dry-run=client it prompted for connection details and failed

What did you expect to happen?

I expected --dry-run=client not to connect to the server

How can we reproduce it (as minimally and precisely as possible)?

  • Create a kubeconfig with an empty connection token for your server (or no details at all)
  • Run kubectl --kubeconfig=kubeconfig --dry-run=client apply -f output
  • kubectl will prompt for username and password (or if you don't have server details, attempt to connect to localhost:8080 and fail)

Anything else we need to know?

No response

Kubernetes version

I'm using 1.26.14, but I also tested with 1.30.0

Cloud provider

n/a

OS version

Linux RHEL8

Install tools

Container runtime (CRI) and version (if applicable)

Related plugins (CNI, CSI, ...) and versions (if applicable)
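
The reproduction steps above as a shell script (an added example, not from the issue author or the kubectl project). It writes the empty-token kubeconfig, checks that the file carries no credential material before it is used, and runs the dry run with stdin closed and a request timeout; the function names, the `ci` entries and the `cluster.invalid` server URL are constructed placeholders.

```shell
#!/bin/sh
# Added example; names and the server URL are constructed placeholders.

# Write the kubeconfig from the first reproduction step: a server entry and
# an empty token, so the PR-check environment holds no cluster secret.
write_kubeconfig() {
  cat > "$1" <<'EOF'
apiVersion: v1
kind: Config
clusters:
- name: ci
  cluster:
    server: https://cluster.invalid:6443
contexts:
- name: ci
  context:
    cluster: ci
    user: ci
current-context: ci
users:
- name: ci
  user:
    token: ""
EOF
}

# Exit 0 if the kubeconfig carries usable credential material: a non-empty
# secret field, or an exec / auth-provider credential plugin.
has_credentials() {
  grep -E '^[[:space:]]*(token|tokenFile|client-key|client-key-data|password):' "$1" |
    grep -Evq "^[^:]*:[[:space:]]*(\"\"|'')?[[:space:]]*\$" && return 0
  grep -Eq '^[[:space:]]*(exec|auth-provider):' "$1"
}

# Run the command from the issue, but only with a credential-free kubeconfig.
# stdin is closed and requests time out, so a CI job cannot hang on the
# username prompt the issue describes.
dry_run_client() {
  manifests=$1
  kubeconfig=$2
  if has_credentials "$kubeconfig"; then
    echo "refusing to run: $kubeconfig contains credentials" >&2
    return 2
  fi
  command -v kubectl >/dev/null 2>&1 || { echo "kubectl not found" >&2; return 127; }
  kubectl --kubeconfig="$kubeconfig" --request-timeout=5s \
    apply -f "$manifests" --dry-run=client </dev/null
}
```

Typical use: `write_kubeconfig ./kubeconfig && dry_run_client output ./kubeconfig`, then inspect the exit status and stderr.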

@mjj29 mjj29 added the kind/bug Categorizes issue or PR as related to a bug. label Apr 23, 2024
@k8s-ci-robot
Contributor

There are no sig labels on this issue. Please add an appropriate label by using one of the following commands:

  • /sig <group-name>
  • /wg <group-name>
  • /committee <group-name>

Please see the group list for a listing of the SIGs, working groups, and committees available.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@k8s-ci-robot k8s-ci-robot added the needs-sig Indicates an issue or PR lacks a `sig/foo` label and requires one. label Apr 23, 2024
@k8s-ci-robot
Contributor

This issue is currently awaiting triage.

If a SIG or subproject determines this is a relevant issue, they will accept it by applying the triage/accepted label and provide further guidance.

The triage/accepted label can be added by org members by writing /triage accepted in a comment.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@k8s-ci-robot k8s-ci-robot added the needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. label Apr 23, 2024
@sftim
Contributor

sftim commented Apr 23, 2024

/remove-kind bug
/kind support

AIUI: kubectl needs to know the API definition(s) for your cluster in order to do a client side dry run. I don't think we can avoid that but we could document why it happens.

@k8s-ci-robot k8s-ci-robot added kind/support Categorizes issue or PR as a support question. and removed kind/bug Categorizes issue or PR as related to a bug. labels Apr 23, 2024
@mjj29
Author

mjj29 commented Apr 23, 2024

Well then it's not really a client-side validation, is it? Is there any kind of validation I can do without giving pre-approval PRs cluster credentials?

@sftim
Contributor

sftim commented Apr 23, 2024

There's a better home for this request.
/transfer kubectl

@k8s-ci-robot k8s-ci-robot transferred this issue from kubernetes/kubernetes Apr 23, 2024
@ardaguclu
Member

/remove-kind support
/kind feature

Yes, it is known that dry-run=client still requires access to the cluster (see more: kubernetes/kubernetes#123337 (comment)).
/triage accepted
/priority backlog

@k8s-ci-robot k8s-ci-robot added kind/feature Categorizes issue or PR as related to a new feature. triage/accepted Indicates an issue or PR is ready to be actively worked on. priority/backlog Higher priority than priority/awaiting-more-evidence. and removed needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. kind/support Categorizes issue or PR as a support question. labels Apr 24, 2024
@ardaguclu
Member

/sig cli

@k8s-ci-robot k8s-ci-robot added the sig/cli Categorizes an issue or PR as relevant to SIG CLI. label Apr 24, 2024