Allow in-cluster config for oc

[smarterclayton]

Because we set the default env value to empty, we can't use the default
in cluster config for 'oc' (when you run inside a container, oc works).
It's really important for container integration scenarios that oc uses
the service account token by default, just like kubeconfig.

Regression from upstream kubectl behavior, blocks a significant amount of
real integrations inside containers.

[smarterclayton]

@liggitt @deads2k @csrwng this unblocks running oc from within a container under the service account token, which means we can use oc inside our containers automatically.

[smarterclayton]

[test]

[smarterclayton]

I'm going to also fix the stupid message "error in default cluster"

[liggitt]

O_o

[liggitt]

How does this fix in cluster config?

[smarterclayton]

In cluster config doesn't work if the default cluster host value is empty.

[deads2k]

I'm going to also fix the stupid message "error in default cluster"

Yeah, I remember someone's pull being rejected as "ugly". I look forward to seeing the beautiful version. :)

[deads2k]

So if we actually want to solve it this way, why not try to do it upstream? I can't say that I'm really a fan of this.

[csrwng]

I tested this and it now works without having to include the --token. However, I would also expect 'oc' to default to the pod's namespace, instead it defaults to 'default' and you have to specify '-n namespace'.

[deads2k]

I would expect you have to have problems with nil maps versus empty maps. If you don't have an issue now, be sure to add a test that goes through the load method. I remember a pull upstream that was looking at having empty maps instead of nil ones.

[smarterclayton]

A nil map would still be someone setup the config. I will add a test.

On Thu, Nov 5, 2015 at 11:00 AM, David Eads [email protected]
wrote:

In
Godeps/_workspace/src/k8s.io/kubernetes/pkg/client/unversioned/clientcmd/validation.go
#5722 (comment):

@@ -143,6 +157,10 @@ func ConfirmUsable(config clientcmdapi.Config, passedContextName string) error {
func validateClusterInfo(clusterName string, clusterInfo clientcmdapi.Cluster) []error {
validationErrors := make([]error, 0)

• if reflect.DeepEqual(clientcmdapi.Cluster{}, clusterInfo) {

I would expect you have to have problems with nil maps versus empty maps.
If you don't have an issue now, be sure to add a test that goes through the
load method. I remember a pull upstream that was looking at having empty
maps instead of nil ones.

—
Reply to this email directly or view it on GitHub
https://github.com/openshift/origin/pull/5722/files#r44028845.

[csrwng]

related BZ https://bugzilla.redhat.com/show_bug.cgi?id=1278180

[deads2k]

At first glance, this looks like it simply changes the message. How is this changing behavior?

[deads2k]

Why would I be inspecting and transforming the error here instead of CheckErr?

[smarterclayton]

More invasive change, also it would result in a because Kube would
have different messages than us.

On Thu, Nov 5, 2015 at 11:07 AM, David Eads [email protected]
wrote:

In pkg/cmd/util/clientcmd/factory.go
#5722 (comment):

+// RawConfig calls the nested method
+func (c defaultingClientConfig) RawConfig() (kclientcmdapi.Config, error) {

• return c.nested.RawConfig()
  +}

+// Namespace calls the nested method
+func (c defaultingClientConfig) Namespace() (string, bool, error) {

• return c.nested.Namespace()
  +}

+// ClientConfig returns a complete client config
+func (c defaultingClientConfig) ClientConfig() (*kclient.Config, error) {

• cfg, err := c.nested.ClientConfig()
• if err != nil {

•   if kclientcmd.IsEmptyCluster(err) {
  

Why would I be inspecting and transforming the error here instead of
CheckErr?

—
Reply to this email directly or view it on GitHub
https://github.com/openshift/origin/pull/5722/files#r44029872.

[smarterclayton]

Now with upstream tests, a cleaner core story, and comments addressed

[deads2k]

More invasive change, also it would result in a because Kube would
have different messages than us.

I think we'll want different messages at some point. We should probably add a ErrorInterpretter or some such to kube.

[deads2k]

I'm still not seeing where this is changing the client you get for an empty config, but it does give a prettier message.

lgetm

[smarterclayton]

It does not any more - Jordan's feedback convinced me not to do that.

On Thu, Nov 5, 2015 at 12:59 PM, David Eads [email protected]
wrote:

I'm still not seeing where this is changing the client you get for an
empty config, but it does give a prettier message.

lgetm

—
Reply to this email directly or view it on GitHub
#5722 (comment).

[liggitt]

does api.Semantic.DeepEqual(config, &Config{}) not work? That treats nil==map[]{}

[smarterclayton]

I can't require it from here because of circular dependencies.

[smarterclayton]

@csrwng do you have KUBECONFIG set to a real file or KUBERNETES_MASTER set?

[smarterclayton]

[test]

[csrwng]

neither:

bash-4.2$ env | grep KUBECONFIG
bash-4.2$ env | grep KUBERNETES_MASTER

[liggitt]

IsEmptyConfigError, to keep us sane, since we also have IsConfigEmpty

[liggitt]

just saw we have other similarly named functions, nm for now I guess

[smarterclayton]

Now uses POD_NAMESPACE iff EmptyConfig is returned.

[csrwng]

verified that setting POD_NAMESPACE works

[smarterclayton]

Working on the e2e test now.

On Fri, Nov 6, 2015 at 9:02 AM, Cesar Wong [email protected] wrote:

verified that setting POD_NAMESPACE works

—
Reply to this email directly or view it on GitHub
#5722 (comment).

[smarterclayton]

Should go green, can I get a final sign off on this?

[deads2k]

I think we should switch to client/unversionted/clientcmd/inClusterClientConfig, but we can do that later.

[smarterclayton]

Yeah it would need to be public and other things have to change (it doesn't implement ClientConfig)

[deads2k]

I think we should switch to client/unversionted/clientcmd/inClusterClientConfig, but we can do that later.

Yeah, the .Possible method makes the behavior more obvious. Can we get a TODO?

[smarterclayton]

Added todo, waiting to see if this goes green before pushing (then i'll stick merge on it unless you find more things)

[deads2k]

one request for a comment.

lgtm, otherwise.

[csrwng]

working for me

[smarterclayton]

[merge] - last jenkins wedged

[openshift-bot]

continuous-integration/openshift-jenkins/merge SUCCESS (https://ci.openshift.redhat.com/jenkins/job/test_pull_requests_origin/6960/) (Image: devenv-rhel7_2649)

[smarterclayton]

Temporarily disabling e2e tests so this can merge (cesar has manually validated), but ca.crt generated into the running containers under hack/test-end-to-end-docker.sh has newlines, and ca.crt generated into hack/test-end-to-end.sh does not.

[openshift-bot]

Evaluated for origin test up to 13cc7c6

[openshift-bot]

Evaluated for origin merge up to 13cc7c6

[openshift-bot]

continuous-integration/openshift-jenkins/test SUCCESS (https://ci.openshift.redhat.com/jenkins/job/test_pull_requests_origin/6960/)