clever-policeman-58407
05/29/2024, 7:16 PMkubectl config set-context
, and a provider in my Garden configuration hard-coded to the same context I am given the error:
Could not read cluster from kubeconfig for context arn:aws:eks:us-west-2:XXXXXXXXXX:cluster/my-cluster-name
I am able to run kubectl commands with no issue in the step prior within the same workflow, so I know with certainty that the context is set properly and that there are no authentication / connection issues.
Things that I have tried:
- Building as-is with no additional options
- Providing an explicit $KUBECONFIG that refers explicitly to the location of the kubeconfig
- Providing a base64 encoded version of the kube config via the kubeconfig
action param
Garden action does not seem to pick up on the default kube config by default.
Providing an explicit $KUBECONFIG seems to have no discernible effect whatsoever.
Providing a base64 encoded version of the kube config results in: error: error loading config file <file> line 6: could not find expected ':'
which indicates to me that there may be a bug in the YAML processing.
Is there an existing example of the official Garden Action usage with remote Kubernetes clusters rather than Garden Cloud?big-spring-14945
05/30/2024, 12:09 PMbig-spring-14945
05/30/2024, 12:13 PMbig-spring-14945
05/30/2024, 12:18 PM# [...]
contexts:
- context:
cluster: arn:aws:eks:region:123412341234:cluster/cluster-abcdef
user: arn:aws:eks:region:123412341234:cluster/cluster-abcdef
name: arn:aws:eks:region:123412341234:cluster/cluster-abcdef
# [...] remaining config with users: and clusters: matching the referenced names
clever-policeman-58407
05/30/2024, 9:52 PMaws eks update-kubeconfig
) I made the assumption that it must not be seeing the default kubeconfig file at all and decided to provide it directly with the kubeconfig
argument.
I can verify that the kubeconfig is sane, but even after providing the same file as a base64 encoded string to kubeconfig
it returns the aforementioned error: error loading config file <file> line 6: could not find expected ':'
which smells like a YAML parsing bug to meclever-policeman-58407
05/30/2024, 9:52 PMapiVersion: v1
clusters:
- cluster:
certificate-authority-data: <blob>
server: https://FOO.BAR.us-west-2.eks.amazonaws.com
name: arn:aws:eks:us-west-2:<aws_id>:cluster/foo-bar-cloud
contexts:
- context:
cluster: arn:aws:eks:us-west-2:<aws_id>:cluster/foo-bar-cloud
user: arn:aws:eks:us-west-2:<aws_id>:cluster/foo-bar-cloud
name: arn:aws:eks:us-west-2:<aws_id>:cluster/foo-bar-cloud
current-context: arn:aws:eks:us-west-2:<aws_id>:cluster/foo-bar-cloud
kind: Config
preferences: {}
users:
- name: arn:aws:eks:us-west-2:<aws_id>:cluster/foo-bar-cloud
user:
exec:
apiVersion: client.authentication.k8s.io/v1beta1
args:
- --region
- us-west-2
- eks
- get-token
- --cluster-name
- foo-bar-cloud
- --output
- json
command: aws
clever-policeman-58407
05/30/2024, 9:53 PM$KUBECONFIG
?clever-policeman-58407
05/31/2024, 10:48 AMgarden.yml
with the irrelevant parts stripped:
apiVersion: garden.io/v1
kind: Project
name: foobar-cloud
defaultEnvironment: local
dotIgnoreFile: .gitignore
variables:
# Kubernetes namespaces do not allow underscores.
cluster_name: ${local.env.CLUSTER_NAME || "foobar"}
ci-branch: ${local.env.CI_BRANCH || "ci-demo"}
ci-run-number: ${local.env.CI_RUN_NUMBER || 1}
namespace: "${local.env.CI_BRANCH ? kebabCase(local.env.CI_BRANCH) : local.env.CLUSTER_NAMESPACE || kebabCase(local.username)}"
dev-domain: foobar.dev
environments:
- name: local
defaultNamespace: ${var.namespace}
variables:
base-domain: localhost
base-hostname: localhost
deploy-target: local
- name: ci
defaultNamespace: "${var.namespace}"
variables:
base-domain: ${var.dev-domain}
base-hostname: "${var.namespace}.${var.dev-domain}"
deploy-target: remote
- name: remote
defaultNamespace: ${var.namespace}
variables:
base-domain: ${var.dev-domain}
base-hostname: "${var.namespace}.${var.dev-domain}"
deploy-target: remote
- name: ephemeral
defaultNamespace: ${var.namespace}
variables:
base-hostname: localhost
deploy-target: remote
providers:
- name: kubernetes
environments: [remote, ci]
namespace: ${environment.namespace}
context: arn:aws:eks:us-west-2:<aws_id>:cluster/foo-bar-cloud
clever-policeman-58407
05/31/2024, 10:49 AMclever-policeman-58407
05/31/2024, 11:04 AMline 6: could not find expected ':'
was indeed a YAML parsing bug.
Although the unindented format that AWS returns is technically valid, the same-level indentation of the children under clusters
and contexts
was causing that error.
Now that it parses correctly, however, I'm back to square one with the original error:
Could not read cluster from kubeconfig for context arn:aws:eks:us-west-2:XXXXXXXXXX:cluster/my-cluster-name
clever-policeman-58407
05/31/2024, 11:06 AM:
instances in the context name as YAML objects?clever-policeman-58407
05/31/2024, 11:14 AMKUBECONFIG: /home/runner/work/_temp/garden/kubeconfig
If I force the workflow to cat
the contents of that file afterwards, I can see that the cluster / context that Garden is failing to read is definitely there.clever-policeman-58407
05/31/2024, 11:15 AMclever-policeman-58407
05/31/2024, 6:34 PMkubeconfig
🎉
That confirms again that the root of the issue is in the YAML parsing.clever-policeman-58407
05/31/2024, 6:35 PMaws eks update-kubeconfig
command.
- Latest AWS CLI from Github's ubuntu-latest
image.
- Garden Action is garden-io/garden-action@v1.2
big-spring-14945
06/04/2024, 12:44 PMkubeconfig.yml
file containing the YAML text from your message linked above.
2. I created a test.garden.yml
file in the same directory, containing
apiVersion: garden.io/v1
kind: Project
name: project
defaultEnvironment: local
dotIgnoreFile: .gitignore
environments:
- name: local
providers:
- name: kubernetes
kubeconfig: kubeconfig.yml
context: arn:aws:eks:us-west-2:<aws_id>:cluster/foo-bar-cloud
3. I ran garden validate
(garden version: 0.13.31
), which failed to authenticate due to the redactions.
Do you have additional clues for me that might help to reproduce the problem?
Thank you for taking the time to report this problem, hoping we can understand the issue soon ❤️big-spring-14945
06/04/2024, 12:50 PMKUBECONFIG
variable should default to whatever the value of KUBECONFIG
is before the garden action has been invoked, and we should only set KUBECONFIG
to ${{ runner.temp }}/garden/kubeconfig
if the user added a kubeconfig
argument. Or maybe we should remove the base64 functionality. What's your opinion on the action inputs @clever-policeman-58407 ?clever-policeman-58407
06/06/2024, 4:59 PM$HOME/.kube/config
2. $KUBECONFIG
can override this value
3. kubeconfig
overrides both, but only matters if explicitly specified
On base64 input: I think in a theoretical sense it seems quite strange to specify an encoded string rather than specifying an input path, because the implication there is "this value is derived from a stored secret" and I don't think most workflows will statically store kubeconfigs. In all the scenarios we currently have for using Garden (dev, test, qa, CI, production) those are generated on the fly from k3s / k3d / EKS and there is no real value in the base64 encode / decode step.clever-policeman-58407
06/06/2024, 5:05 PMclever-policeman-58407
06/06/2024, 5:05 PMclever-policeman-58407
06/06/2024, 5:06 PMclever-policeman-58407
06/06/2024, 5:07 PMyaml
contexts:
- context:
cluster: foobar
user: foobar
name: foobar
Valid YAML, works. Technically unnecessary indentation but fixes the issue.
yaml
contexts:
- context:
cluster: foobar
user: foobar
name: foobar
clever-policeman-58407
06/06/2024, 5:09 PMclever-policeman-58407
06/06/2024, 5:17 PM$HOME/.kube/config
so there's that 🤷♂️big-spring-14945
06/07/2024, 8:09 AMgentle-umbrella-55872
06/09/2024, 3:37 PMbig-spring-14945
06/11/2024, 12:55 PMbig-spring-14945
06/11/2024, 1:06 PMgentle-umbrella-55872
06/13/2024, 6:05 AM- name: 🐟 set kubectl context
run: echo "KUBE_CONTEXT=$(kubectl config current-context)" >> $GITHUB_ENV
and in the project provider use the context if available
providers:
- name: local-kubernetes
environments: [local, local-prod]
context: ${local.env.KUBE_CONTEXT || "docker-desktop"}
thank you! 🥳big-spring-14945
06/13/2024, 9:07 AMgentle-umbrella-55872
06/13/2024, 6:21 PM