Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

freeze KUBECONTEXT for k8s_custom_deploy #5703

Closed
nicks opened this issue Apr 18, 2022 · 4 comments · Fixed by #5790
Closed

freeze KUBECONTEXT for k8s_custom_deploy #5703

nicks opened this issue Apr 18, 2022 · 4 comments · Fixed by #5790
Assignees
@nicks
Labels
enhancement New feature or request

Comments

@nicks
Copy link
Member

nicks commented Apr 18, 2022

Describe the Feature You Want

Right now, when tilt shells out in k8s_custom_deploy, tilt doesn't do anything to ensure that the script you're invoking is talking to the same kubernetes context that tilt is talking to.

This means that if you change the default context outside of tilt, you could accidentally deploy to a prod cluster 😱

Implementation Notes

We should change the cluster reconciler so that when it "resolves" the context, it:

  1. Writes a new "frozen" kubeconfig, similar to kubectl config view --minify to a tempdir
  2. Publish the path to the frozen kubeconfig on the cluster status field
  3. When running k8s_custom_deploy, inject the KUBECONTEXT env variable to point to this new file.
@nicks nicks added the enhancement New feature or request label Apr 18, 2022
@landism landism mentioned this issue May 6, 2022
Closed
@nicks
Copy link
Member Author

nicks commented May 6, 2022

i'll take a look at this since it came up again today.

@nicks nicks self-assigned this May 6, 2022
@landism
Copy link
Member

landism commented May 6, 2022

This problem could arise with local and local_resource as well, though that might be a bit dicier (e.g., I've written a Tiltfile that used local to run kubectl to copy secrets from one context to another, which could be annoying if Tilt forced the k8s config for all locals)

@landism
Copy link
Member

landism commented May 6, 2022

This problem could arise with local and local_resource as well
A good argument here is that we've had multiple reports of it with k8s_custom_deploy in the short time since it shipped and haven't heard of it with local/local_resource in the years they've been around.

nicks added a commit that referenced this issue May 9, 2022
@nicks
kubernetesapply: inject a frozen kubeconfig into k8s_custom_deploy
2e180a7 
Fixes #5703
@nicks nicks mentioned this issue May 9, 2022
Merged
nicks added a commit that referenced this issue May 9, 2022
@nicks
kubernetesapply: inject a frozen kubeconfig into k8s_custom_deploy
dd043e4 
Fixes #5703
nicks added a commit that referenced this issue May 9, 2022
@nicks
kubernetesapply: inject a frozen kubeconfig into k8s_custom_deploy (#…
9e4dbb9 
…5790)

Fixes #5703
@kalmant
Copy link

kalmant commented May 18, 2022
edited
Loading

This problem could arise with local and local_resource as well
A good argument here is that we've had multiple reports of it with k8s_custom_deploy in the short time since it shipped and haven't heard of it with local/local_resource in the years they've been around.

Someone using Tilt v0.27.0 just ran into this issue through helm_resource which made me realize local and local_resource are probably also at risk (and also led me to this issue).
So if possible, I'd like to cast a vote for a "fix" for local/local_resource. I'm sure I can put together some solution for us but a solution in tilt itself would be much better.

An idea: perhaps having a kubectl command in the API would work. It could make sure to always use the context you started Tilt with.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@nicks nicks

Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

kubernetesapply: inject a frozen kubeconfig into k8s_custom_deploy tilt-dev/tilt
3 participants
@nicks @kalmant @landism