-
Notifications
You must be signed in to change notification settings - Fork 3.3k
Basic authentication #430
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Comments
me too |
i don't kown how to set params
|
/usr/local/lib/python2.7/dist-packages/kubernetes/client/configuration.py |
Try to launch one of the examples, for instance Enjoy :) |
@tomplus |
shell cmd:kubectl config set-cluster default --server=https://IP:6443 --certificate-authority=/root/.kube/ca.pem worked!! root@honglei-virtual-machine:~/.kube# cat /root/.kube/config
|
All the solutions are towards using the config file |
Same here. I m trying to target a kube cluster deployed on Google cloud (Google Kube Engine).
I will do a PR to see if we could add it in the example section to demonstrate the use of the "configuration" object and the way to configure the library to target a remote Kube cluster. |
OK so after more digging... First the documentation https://github.com/kubernetes-client/python/blob/master/kubernetes/README.md (at the very end of page) only mention the "BearerToken" method (which is the one I describe in my previous answer). There is nothing about the basic auth (even if it is supported bu Kube as explain on their official doc : https://kubernetes.io/docs/admin/authentication/ "Kubernetes uses client certificates, bearer tokens, an authenticating proxy, or HTTP basic auth to authenticate....") Second I check in the code and the method "get_basic_auth_token" in configuration.py is never call anywhere (and it is the only one dealing with username/password field). Then I try to "hack" a little the python code by modifying the class configuration and change its auth_setting with that
I just added the "http_basic_test" here. Then you can take any functional class like ""core_v1_api and modify the method you plan to use (list_pod_for_all_namespaces_with_http_info in my case) and modify the auth part of the code. Replace You should have valid response and even see the basic auth info if you activate debug log (like it is done in my previous answer): I hope it already help a little (my advise : go with my previous answer and bearer tokens for now) |
We have been trying to use basic auth also. Basically we want to use any auth method that allows us to get credentials from the GKE api and use that to hit the kubernetes API. We can't rely on the kube config file because we may be operating against many different clusters even ones we just created and don't want to shell out to the gcloud API. |
I made some more digging yesterday and confirms my previous idea that the BASIC auth is not supported by this library (and probably by other libs generated from the kube swagger file). The lib is generated from this swagger file: I forked Kube and modify the swagger file to allow it kubernetes/kubernetes@master...charly37:master and generate again the python lib (see https://github.com/kubernetes-client/gen) and then installed this new version on my server and was finally able to use the BASIC auth to communicate with my GKE cluster. I will try to find why the basic auth is not part of the Kube swagger def. If you want more detail about the investigation/test I put that on my blog http://djynet.net/?p=918 Will update this ticket once i have more info. |
Issues go stale after 90d of inactivity. If this issue is safe to close now please do so with Send feedback to sig-testing, kubernetes/test-infra and/or fejta. |
Stale issues rot after 30d of inactivity. If this issue is safe to close now please do so with Send feedback to sig-testing, kubernetes/test-infra and/or fejta. |
Rotten issues close after 30d of inactivity. Send feedback to sig-testing, kubernetes/test-infra and/or fejta. |
@fejta-bot: Closing this issue. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
I found a way how to use Basic Authentication. api_client = kubernetes.client.ApiClient(configuration, header_name="authorization", header_value=basic_auth_token) You can give a header_name and a header_value to the constructor of the ApiClient. The configuration class has a method get_basic_auth_token to get the Basic Auth String. So you can use this to create an authorization header with the basic auth string as a value 👍 i hope this helps |
I am trying to access my cluster using basic authentication
but I am afraid that the docs is not clear regarding this
so I was wondering how to achieve that
The text was updated successfully, but these errors were encountered: