stern icon indicating copy to clipboard operation
stern copied to clipboard
verified publisher icon wercker

bug: stern modify kube config

Open kalioz opened this issue 6 years ago • 3 comments

I recently started using Azure AD authentification for my cluster, which produces an user in .kube/config like so :

- name: myCluster
  user:
    auth-provider:
      config:
        access-token: <accessToken>
        apiserver-id: <apiServerId>
        client-id: <clientId>
        environment: AzurePublicCloud
        expires-in: "3599"
        expires-on: "1568368062"
        refresh-token: <token>
        tenant-id: <tenantId>
      name: azure

stern seems to modify this file and remove the environment: AzurePublicCloud, which forces the user to reauthenticate after each use of stern. resulting file :

- name: myCluster
  user:
    auth-provider:
      config:
        access-token: <accessToken>
        apiserver-id: <apiServerId>
        client-id: <clientId>
        expires-in: "3599"
        expires-on: "1568368062"
        refresh-token: <token>
        tenant-id: <tenantId>
      name: azure

re-adding the missing line allows the user to use the old authentification token without reauthenticating.

The surprising part in this is that it only force the user to reauthenticate in the kubectl command, stern will keep working with the modified file.

For those having the same problem, I can temporally bypass it by using admin credentials (it uses certificates to authenticate, stern doesn't affect it).

stern : version 1.11.0 kubectl client: 1.15.2 kubectl server: 1.14.6

kalioz avatar Sep 13 '19 09:09 kalioz