ansible/awx

Provide a credential type for the Kubernetes configuration file `kubeconfig`

Open

#15,574 opened on Oct 3, 2024

View on GitHub
 (1 comment) (0 reactions) (0 assignees)Python (13,071 stars) (3,333 forks)batch import
communitycomponent:apicomponent:docshelp wantedtype:enhancement

Description

Please confirm the following

  • I agree to follow this project's code of conduct.
  • I have checked the current issues for duplicates.
  • I understand that AWX is open source software provided for free and that I might not receive a timely response.

Feature type

New Feature

Feature Summary

If you have client-certificate-data and client-key-data in your kubeconfig file, you can't use the OpenShift or Kubernetes API Bearer Token credential type because that requires a token, and even if you do have a token, you shouldn't have to parse it out of the file.

It would be nice to have a built-in credential type called "Kubernetes configuration (kubeconfig)" or similar that just sticks the entire file into the K8S_AUTH_KUBECONFIG environment variable. The Kubernetes modules (e.g. kubernetes.core.k8s_info) can deal with the entire file or environment variable, without users having to split apart fields within the file (as required by the OpenShift or Kubernetes API Bearer Token credential type).

The only workaround I can think of right now is to create a custom credential type.

Select the relevant components

  • UI
  • API
  • Docs
  • Collection
  • CLI
  • Other

Steps to reproduce

  1. Go to Credentials.
  2. Add a new one.
  3. Look for a credential type that supports uploading of a kubeconfig file.

Current results

Such a credential type is not available, and the only other Kubernetes one doesn't support this (and it wouldn't make sense anyway).

Sugested feature result

It would be nice to have a built-in credential type called "Kubernetes configuration (kubeconfig)" or similar that just sticks the entire file into the K8S_AUTH_KUBECONFIG environment variable. The Kubernetes modules (e.g. kubernetes.core.k8s_info) can deal with the entire file or environment variable, without users having to split apart fields within the file (as required by the OpenShift or Kubernetes API Bearer Token credential type).

Additional information

No response

Contributor guide

Tech stack
pythonkubernetes
Domain
backendauthenticationdevops
Issue type
feature
DifficultyEstimated implementation difficulty for a new contributor, from 1 for very small changes to 5 for expert-level work.
3
Estimated timeA rough time range for an experienced contributor to investigate, implement, test, and prepare a pull request.
half day
Activity statusHow available the issue appears right now: fresh, active, stale, blocked, or waiting on maintainer input.
fresh
ClarityHow clearly the issue explains the expected change, acceptance criteria, and next step.
clear
Prerequisites
Python programmingAWX credential typesKubernetes kubeconfig
Newbie friendlinessA 1-100 score estimating how approachable this issue is for first-time contributors.
60
Research direction
Investigate how existing credential types (e.g., 'OpenShift or Kubernetes API Bearer Token') are implemented in AWX. Look at the credential model in `awx/main/models/credential.py` and the credential creation API in `awx/api/views/credential.py`. Also review the UI components that render credential type selection and input fields. The new 'Kubernetes configuration (kubeconfig)' credential type should allow uploading a kubeconfig file and set the `K8S AUTH KUBECONFIG` environment variable accordingly. Check the documentation for adding new credential types.
Provide a credential type for the Kubernetes configuration file `kubeconfig` · ansible/awx#15574 | Good First Issue