
Add ability to run qbec without kubeconfig and override qbec.yaml

Open Andor opened this issue 5 years ago • 2 comments

Right now, qbec relies on ~/.kube/config and qbec.yaml files when it tries to find cluster credentials.

I think it would be rather nice if qbec had the ability to take all the parameters needed to connect to the cluster via the command line.

In my specific case, I want the ability to run qbec from Terraform. For instance, Terraform providers have configuration like this:

resource "aws_eks_cluster" "cluster" {
  name = "mycluster"
}

data "aws_eks_cluster_auth" "cluster" {
  name = aws_eks_cluster.cluster.id
}

provider "kubernetes" {
  host                   = aws_eks_cluster.cluster.endpoint
  cluster_ca_certificate = base64decode(aws_eks_cluster.cluster.certificate_authority.0.data)
  token                  = data.aws_eks_cluster_auth.cluster.token
}

And I imagine I want to run qbec from Terraform with options like this:

resource "aws_eks_cluster" "cluster" {
  name = "mycluster"
}

data "aws_eks_cluster_auth" "cluster" {
  name = aws_eks_cluster.cluster.id
}

resource "null_resource" "cluster" {
  provisioner "local-exec" {
    command = <<COMMAND
qbec \
--k8s:token=${data.aws_eks_cluster_auth.cluster.token} \
--k8s:cluster-server=${aws_eks_cluster.cluster.endpoint} \
--k8s:cluster-ca-certificate=${aws_eks_cluster.cluster.certificate_authority.0.data} \
apply
COMMAND
  }
}

And/or with environment variables like this:

resource "aws_eks_cluster" "cluster" {
  name = "mycluster"
}

data "aws_eks_cluster_auth" "cluster" {
  name = aws_eks_cluster.cluster.id
}

resource "null_resource" "cluster" {
  provisioner "local-exec" {
    command = "qbec apply"
    environment = {
      QBEC_K8S_TOKEN = data.aws_eks_cluster_auth.cluster.token
      QBEC_K8S_CLUSTER_SERVER = aws_eks_cluster.cluster.endpoint
      QBEC_K8S_CLUSTER_CA_CERTIFICATE = aws_eks_cluster.cluster.certificate_authority.0.data
    }
  }
}

Option names are open to discussion, of course.

Andor, Oct 01 '20 09:10

Sorry, this issue fell through the cracks. Are you saying that even the environments defined in qbec.yaml should not exist?

qbec does need an env name to set the labels correctly for GC etc.

We already support a --force:k8s-context environment variable - we could conceivably add a new special value called __none__ and use everything from explicit env vars.

But it seems to me that it would be just as easy in Terraform to create a kubeconfig with a single context containing the things of interest and force that to be the qbec context (and explicitly set the --k8s:kubeconfig option to point to the data file created in Terraform).

gotwarlost, Jan 17 '21 02:01
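
The approach suggested in the comment above (a single-context kubeconfig generated at run time and selected with --k8s:kubeconfig and --force:k8s-context), as an added example that is not part of the thread or of qbec itself. The environment variable names, the context name and the qbec environment name are assumptions; the values are expected to arrive through a local-exec environment map rather than on the command line, so the token does not show up in process listings.

```shell
#!/bin/sh
# Added example (not qbec or Terraform project code). Inputs arrive as env vars,
# e.g. from a local-exec "environment" map; these names are hypothetical:
#   CLUSTER_SERVER, CLUSTER_CA_DATA (base64 PEM), CLUSTER_TOKEN
QBEC_CONTEXT="terraform-managed"   # assumed context name
QBEC_ENV="${QBEC_ENV:-default}"    # assumed qbec environment name

# write_kubeconfig DIR: write DIR/kubeconfig (mode 0600) and print its path.
write_kubeconfig() {
  for v in CLUSTER_SERVER CLUSTER_CA_DATA CLUSTER_TOKEN; do
    eval "val=\${$v:-}"
    # Only URL/base64/token characters: blocks YAML injection via quotes or newlines.
    case $val in
      ''|*[!A-Za-z0-9+/=._:-]*) echo "missing or unsafe value: $v" >&2; return 1 ;;
    esac
  done
  case $CLUSTER_SERVER in
    https://*) ;;
    *) echo "CLUSTER_SERVER must be an https URL" >&2; return 1 ;;
  esac
  ( umask 077   # file is created owner-only and the token never touches argv
    cat > "$1/kubeconfig" <<EOF
apiVersion: v1
kind: Config
current-context: $QBEC_CONTEXT
clusters:
- name: $QBEC_CONTEXT
  cluster: {server: "$CLUSTER_SERVER", certificate-authority-data: "$CLUSTER_CA_DATA"}
users:
- name: $QBEC_CONTEXT
  user: {token: "$CLUSTER_TOKEN"}
contexts:
- name: $QBEC_CONTEXT
  context: {cluster: $QBEC_CONTEXT, user: $QBEC_CONTEXT}
EOF
  ) || return 1
  printf '%s\n' "$1/kubeconfig"
}

# run_qbec: throwaway kubeconfig, forced context, cleanup on exit.
run_qbec() {
  tmp=$(mktemp -d) || return 1
  trap 'rm -rf "$tmp"' EXIT
  cfg=$(write_kubeconfig "$tmp") || return 1
  qbec apply "$QBEC_ENV" --k8s:kubeconfig="$cfg" --force:k8s-context="$QBEC_CONTEXT"
}

case "${1:-}" in apply) run_qbec ;; esac
```

Called as `sh script.sh apply` from the provisioner, the script removes the temporary kubeconfig when it exits, so the short-lived token is not left on disk.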

@gotwarlost That issue was only about cluster credentials, which are taken from the kubeconfig file, which can be nonexistent in some cases.

Andor, Jan 17 '21 16:01