Unable to read auth data from kube config connected to external IAM

Open nkuzman opened this issue 2 years ago • 4 comments

Expected Behavior

When running slim build on a running container in a k8s cluster, authentication should be successfully read from the kube config.


Actual Behavior

I'm using an external IAM provider for k8s authentication. This is my configuration snapshot:

kind: Config
users:
- name: my-user/{hash}/external.iam.com-id
  user:
    auth-provider:
      config:
        client-id: my-client-id
        client-secret: my-secret
        id-token: {hash}
        refresh-token: {hash}
        idp-issuer-url: https://external.iam.com/id
      name: oidc

When I try to run docker build and connect it to a running container in a k8s cluster, I get an error:

time="2023-04-17T15:03:49+02:00" level=fatal msg="slim: failure" error="no Auth Provider found for name "oidc"" stack="goroutine 1 [running]:\nruntime/debug.Stack()\n\truntime/debug/stack.go:24 +0x65\ngithub.com/docker-slim/docker-slim/pkg/util/errutil.FailOn({0x1f2d220, 0xc0000d9bf0})\n\tgithub.com/docker-slim/docker-slim/pkg/util/errutil/errutil.go:32 +0x5e\ngithub.com/docker-slim/docker-slim/pkg/app.(*ExecutionContext).FailOn(0x7fffe00a3813?, {0x1f2d220?, 0xc0000d9bf0?})\n\tgithub.com/docker-slim/docker-slim/pkg/app/execontext.go:56 +0x49\ngithub.com/docker-slim/docker-slim/pkg/app/master/commands/build.OnCommand(_, , {, _}, , {, }, {, _}, {0x0, ...}, ...)\n\tgithub.com/docker-slim/docker-slim/pkg/app/master/commands/build/handler.go:217 +0x188d\ngithub.com/docker-slim/docker-slim/pkg/app/master/commands/build.glob..func1(0xc00012b500)\n\tgithub.com/docker-slim/docker-slim/pkg/app/master/commands/build/cli.go:723 +0x56b0\ngithub.com/urfave/cli/v2.(*Command).Run(0x2d49240, 0xc00041e7c0)\n\tgithub.com/urfave/cli/[email protected]/command.go:163 +0x5dc\ngithub.com/urfave/cli/v2.(*App).RunContext(0xc000182b60, {0x1f46a50?, 0xc000136000}, {0xc00012c000, 0x8, 0x8})\n\tgithub.com/urfave/cli/[email protected]/app.go:313 +0xb7d\ngithub.com/urfave/cli/v2.(*App).Run(...)\n\tgithub.com/urfave/cli/[email protected]/app.go:224\ngithub.com/docker-slim/docker-slim/pkg/app/master.Run()\n\tgithub.com/docker-slim/docker-slim/pkg/app/master/app.go:15 +0x46\nmain.main()\n\tgithub.com/docker-slim/docker-slim/cmd/slim/main.go:15 +0x18e\n" version="linux|Transformer|1.40.1|9c5e69ab1fd4564b0a5426d47be038155e63e4c1|2023-04-05_11:22:53PM"

Build command I'm using: docker-slim build --tag my-slim-image --target-kube-workload deployment/my-workload --target-kube-workload-namespace my-namespace


Steps to Reproduce the Problem

  1. Set an external IAM configuration in kube config
  2. Run slim build on a container running in k8s cluster using external IAM

Specifications

  • Version: 1.40.1
  • Platform: Linux (WSL)

nkuzman avatar Apr 17 '23 13:04 nkuzman

Thanks for opening the issue @nkuzman ! This will be a nice enhancement. The current k8s runtime capabilities are still very basic/experimental. Still ways to go before it's feature complete enough :-)

kcq avatar May 11 '23 16:05 kcq
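
An added example, not code from docker-slim or client-go: a stdlib-only model of the name-keyed auth-provider lookup that yields the error in the report. In client-go, provider plugins register themselves from `init()` in packages such as `k8s.io/client-go/plugin/pkg/client/auth/oidc`, so a binary that does not link that package has no "oidc" entry. `Registry`, `Lookup`, `Preflight` and `newOIDC` are hypothetical names, and the sample config is constructed.

```go
package main

import (
	"fmt"
	"sort"
)

// Registry is a hypothetical model of a name-keyed plugin table: a provider
// exists for a binary only if its package was linked in and registered itself.
type Registry map[string]func(cfg map[string]string) error

// Lookup fails with the same message as the log line when the name is unknown.
func (r Registry) Lookup(name string) (func(map[string]string) error, error) {
	if f, ok := r[name]; ok {
		return f, nil
	}
	return nil, fmt.Errorf("no Auth Provider found for name %q", name)
}

// Preflight returns an operator-facing diagnosis and never echoes config values,
// since the auth-provider stanza carries client-secret and token fields.
func (r Registry) Preflight(name string, cfg map[string]string) string {
	f, err := r.Lookup(name)
	if err != nil {
		names := make([]string, 0, len(r))
		for n := range r {
			names = append(names, n)
		}
		sort.Strings(names)
		return fmt.Sprintf("%v; providers linked into this binary: %v", err, names)
	}
	if err := f(cfg); err != nil {
		return fmt.Sprintf("provider %q rejected config: %v", name, err)
	}
	return "ok"
}

// newOIDC is a stand-in constructor that only checks the issuer URL is set.
func newOIDC(cfg map[string]string) error {
	if cfg["idp-issuer-url"] == "" {
		return fmt.Errorf("missing idp-issuer-url")
	}
	return nil
}

func main() {
	cfg := map[string]string{"idp-issuer-url": "https://external.iam.com/id"} // constructed sample
	fmt.Println(Registry{}.Preflight("oidc", cfg))
	fmt.Println(Registry{"oidc": newOIDC}.Preflight("oidc", cfg))
}
```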