client-go's InClusterConfig does not implement documented API discovery heuristics #112263
Comments
/sig api-machinery
/cc @Jefftree
The `Config::from_cluster_env` constructor is misleadingly named: it doesn't use the environment, it uses the default cluster configurations.

This change deprecates the `Config::from_cluster_env` constructor in favor of `Config::load_in_cluster`. An additional constructor, `Config::load_in_cluster_from_legacy_env`, uses the `KUBERNETES_SERVICE_HOST` and `KUBERNETES_SERVICE_PORT` environment variables to match client-go's behavior.

This change does NOT alter the default inferred configuration in any way. It simply allows users to opt-in to using the old behavior.

Related to kubernetes/kubernetes#112263
Closes kube-rs#1000
Signed-off-by: Oliver Gould <ver@buoyant.io>
The client docs should be updated, rather than change the client-go implementation. Making client-go depend on DNS is not a completely compatible change.
The documentation incorrectly describes the way that client libraries discover the Kubernetes API server. While the `kubernetes.default.svc` DNS is provided as a convenience, **all** of the officially supported API clients use environment variables to discover the address of the API server. This change updates the documentation to reflect this.

Fixes kubernetes/kubernetes#112263
Signed-off-by: Oliver Gould <ver@buoyant.io>
* client: Expose a Config constructor to support legacy configurations

  The `Config::from_cluster_env` constructor is misleadingly named: it doesn't use the environment, it uses the default cluster configurations.

  This change deprecates the `Config::from_cluster_env` constructor in favor of `Config::load_in_cluster`. An additional constructor, `Config::load_in_cluster_from_legacy_env`, uses the `KUBERNETES_SERVICE_HOST` and `KUBERNETES_SERVICE_PORT` environment variables to match client-go's behavior.

  This change does NOT alter the default inferred configuration in any way. It simply allows users to opt-in to using the old behavior.

  Related to kubernetes/kubernetes#112263
  Closes #1000
  Signed-off-by: Oliver Gould <ver@buoyant.io>

* constify "https" scheme to make accidental "http" harder

  Signed-off-by: Oliver Gould <ver@buoyant.io>

* Restore `Config::from_cluster_env` naming

  Add `Config::from_cluster_dns` to support the current behavior.

  Signed-off-by: Oliver Gould <ver@buoyant.io>

* Disable the in-cluster rustls test

  Signed-off-by: Oliver Gould <ver@buoyant.io>

* fix typo

  Signed-off-by: Oliver Gould <ver@buoyant.io>

* client: Make discovery conditional on the TLS impl

  When `rustls-tls` is enabled, the `kubernetes.default.svc` DNS name is used. Otherwise, the `KUBERNETES_SERVICE_{HOST,PORT}` environment variables are used.

  Signed-off-by: Oliver Gould <ver@buoyant.io>

* Review feedback

  * Make `Config::incluster_env` and `Config::incluster_dns` public regardless of what features are enabled.
  * Restrict visibility for `pub` helpers that are not actually publicly exported.

  Signed-off-by: Oliver Gould <ver@buoyant.io>

* Add URI-formatting tests

  Signed-off-by: Oliver Gould <ver@buoyant.io>

* fmt

  Signed-off-by: Oliver Gould <ver@buoyant.io>

Signed-off-by: Oliver Gould <ver@buoyant.io>
The Kubernetes project currently lacks enough contributors to adequately respond to all issues and PRs. This bot triages issues and PRs according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community.
/lifecycle stale
/remove-lifecycle stale
kubernetes/website#36691 has been open since September. Has approvals. Still waiting for a merge...
What happened?
client-go uses `KUBERNETES_SERVICE_HOST` to discover the API service address:
kubernetes/staging/src/k8s.io/client-go/rest/config.go, lines 507 to 541 in 67bde9a
This is at odds with the documentation at https://kubernetes.io/docs/tasks/run-application/access-api-from-pod/#directly-accessing-the-rest-api which states:
client-go does not do this. Though, it includes a TODO:
Ambiguity around the documented client discovery policy causes problems for client libraries; and cloud providers continue to promulgate the (now undocumented) legacy env configuration, e.g. Azure/AKS#3183.
Would you accept a PR to remove the environment based in-cluster configuration in favor of always using `kubernetes.default.svc`?
What did you expect to happen?
client-go should use `kubernetes.default.svc` and it should not honor the `KUBERNETES_SERVICE_HOST` environment variable.
OR the client docs should be updated with the proper heuristics.
How can we reproduce it (as minimally and precisely as possible)?
...
Anything else we need to know?
No response
Kubernetes version
1.24
Cloud provider
AKS
OS version
No response
Install tools
No response
Container runtime (CRI) and version (if applicable)
No response
Related plugins (CNI, CSI, ...) and versions (if applicable)
No response
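
The two discovery heuristics this issue contrasts, side by side, as an added example (not client-go's or kube-rs's own code). The function and constant names are hypothetical, and the resolver is injected so the env-versus-DNS comparison can run offline:

```go
package main

import (
	"errors"
	"fmt"
	"net"
	"os"
)

// Names below are constructed for this example; they are not client-go identifiers.
const (
	scheme     = "https" // a constant, so an accidental "http" cannot slip in
	clusterDNS = "kubernetes.default.svc"
)

var errNotInCluster = errors.New("KUBERNETES_SERVICE_HOST and KUBERNETES_SERVICE_PORT must both be set")

// apiServerFromEnv builds the API server URL from the two service environment variables.
func apiServerFromEnv(getenv func(string) string) (string, error) {
	host, port := getenv("KUBERNETES_SERVICE_HOST"), getenv("KUBERNETES_SERVICE_PORT")
	if host == "" || port == "" {
		return "", errNotInCluster
	}
	// JoinHostPort wraps IPv6 literals in brackets so the URL stays parseable.
	return scheme + "://" + net.JoinHostPort(host, port), nil
}

// apiServerFromDNS returns the URL based on the cluster-internal DNS name.
func apiServerFromDNS() string { return scheme + "://" + clusterDNS }

// envMatchesDNS reports whether the env-provided host is one of the addresses the
// DNS name resolves to. A non-IP env host (for example an FQDN) never matches.
func envMatchesDNS(getenv func(string) string, lookup func(string) ([]string, error)) (bool, error) {
	envIP := net.ParseIP(getenv("KUBERNETES_SERVICE_HOST"))
	addrs, err := lookup(clusterDNS)
	if err != nil {
		return false, err
	}
	for _, a := range addrs {
		if ip := net.ParseIP(a); ip != nil && envIP != nil && ip.Equal(envIP) {
			return true, nil
		}
	}
	return false, nil
}

func main() {
	u, err := apiServerFromEnv(os.Getenv)
	fmt.Println("env:", u, err, "| dns:", apiServerFromDNS())
	same, err := envMatchesDNS(os.Getenv, net.LookupHost)
	fmt.Println("env host matches DNS:", same, err)
}
```

Run inside a pod, a `false` result from `envMatchesDNS` means the two heuristics would send a client to different endpoints, which is the ambiguity the issue describes.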