Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Failure to retrieve AKS cluster resources - kubelogin not found #523

Open
Bemesko opened this issue Aug 25, 2023 · 1 comment
Open

Failure to retrieve AKS cluster resources - kubelogin not found #523

Bemesko opened this issue Aug 25, 2023 · 1 comment
Labels
feature New feature or request not-stale

Comments

@Bemesko
Copy link

Bemesko commented Aug 25, 2023

I'm trying to run kubent on an AKS cluster using Azure AD Authentication with Kubernetes RBAC. This setup requires the installation of kubelogin for converting the kubeconfig so that Microsoft authentication is used (as far as I'm aware).

Usually with this AKS setup, kubelogin is installed along kubectl using the az aks install-cli command.

I tested kubent on some other clusters that didn't require kubelogin and it worked perfectly. When I tried using it on a cluster that did require kubelogin it failed to collect any resource, as per the logs below.

My Configuration

  • Kubens version 0.7.0 running on docker (using the ghcr.io/doitintl/kube-no-trouble:latest image)
  • Kubelogin installed on ~/.azure-kubelogin/kubelogin.exe
  • Kubectl Client v1.27.1
  • The cluster I tried was using Kubernetes v1.25.6

Logs

2:03PM INF >>> Kube No Trouble `kubent` <<<
2:03PM INF version 0.7.0 (git sha d1bb4e5fd6550b533b2013671aa8419d923ee042)
2:03PM INF Initializing collectors and retrieving data
2:03PM INF Target K8s version is 1.26.6
2:03PM INF Retrieved 0 resources from collector name=Cluster
2:03PM ERR Failed to retrieve data from collector error="list: failed to list: Get \"https://<cluster-url>:443/api/v1/secrets?labelSelector=owner%3Dhelm\": getting credentials: exec: executable kubelogin not found" name="Helm v3"
2:03PM INF Loaded ruleset name=custom.rego.tmpl
2:03PM INF Loaded ruleset name=deprecated-1-16.rego
2:03PM INF Loaded ruleset name=deprecated-1-22.rego
2:03PM INF Loaded ruleset name=deprecated-1-25.rego
2:03PM INF Loaded ruleset name=deprecated-1-26.rego
2:03PM INF Loaded ruleset name=deprecated-future.rego

If you need any more information feel free to reach out.
@stepanstipl stepanstipl added the feature New feature or request label Sep 5, 2023
@stepanstipl
Copy link
Contributor

stepanstipl commented Sep 5, 2023
edited

Yep, this is a docker image problem, we don't have the kubelogin binary there. This is a result of several auth libraries moving out of K8S tree to separate binaries. I don't think we want to include all in our docker image, although maybe the major cloud providers we can consider. For sure something we want to look at.

Temp. fix should be building a new docker image with the desired binary, or mounting it inside the existing one as volume, but that's probably more tricky.

We have some similar issues re. GKE (#479) - same problem. In general for sure something we want to look at...

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
feature New feature or request not-stale
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@stepanstipl @Bemesko