Uploaded image for project: 'Couchbase Kubernetes'
  1. Couchbase Kubernetes
  2. K8S-589

Handle Proprietary Auth In cbopinfo

    XMLWordPrintable

Details

    • Improvement
    • Status: Closed
    • Major
    • Resolution: Fixed
    • None
    • 1.2.0
    • supportability
    • None

    Description

      GCP uses it's own magic mechanism, EKS uses IAM, so using Kubeconfig is out the window.

      Some possible solutions:

      • Use the in-cluster authentication mechanism and run the log collection as some form of job (less work handles everything)
      • Work out how to integrate the cloud specific authentication plugins (more work needs intervention with every new service provider)

      Attachments

        Issue Links

          No reviews matched the request. Check your Options in the drop-down menu of this sections header.

          Activity

            simon.murray Simon Murray added a comment -

            Note: using config maps as log storage is limited to 1M as that's etcd's biggest document size.  Essentially if we used the in-cluster approach we'd need to have a pod which is alive while we collect, then extract the logs before killing it.  The other option is to upload to s3, but that puts a burden on the customer to start using AWS, so no go.

            simon.murray Simon Murray added a comment - Note: using config maps as log storage is limited to 1M as that's etcd's biggest document size.  Essentially if we used the in-cluster approach we'd need to have a pod which is alive while we collect, then extract the logs before killing it.  The other option is to upload to s3, but that puts a burden on the customer to start using AWS, so no go.

            Not sure this is really 'feature backlog' - this *has to be* table stakes for EKS/AKS/GKE integration otherwise we simply can't support those deployments.

            matt.carabine Matt Carabine added a comment - Not sure this is really 'feature backlog' - this * has to be * table stakes for EKS/AKS/GKE integration otherwise we simply can't support those deployments.

            Jobs by default keeps the pods around until the job is deleted so should be easy to get the output file off - https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/#job-termination-and-cleanup

            matt.carabine Matt Carabine added a comment - Jobs by default keeps the pods around until the job is deleted so should be easy to get the output file off - https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/#job-termination-and-cleanup
            simon.murray Simon Murray added a comment -

            Fair cop.  Sounds like you *DEMAND* support for 1.2.0

            simon.murray Simon Murray added a comment - Fair cop.  Sounds like you * DEMAND * support for 1.2.0
            simon.murray Simon Murray added a comment -

            Actually, once the pod has completed the container is no longer running, so you cannot perform a remote exec, which means cp won't function (it basically works like scp)

            With docker directly:

            $ docker cp b215f2f5d723:/usr/bin/perl .
            $ ls -l 
            total 1976
            -rwxr-xr-x 1 docker docker 2021960 Jun 10 17:37 perl
            

            With kubectl:

            kubectl cp default/pi-with-timeout-jdn29:/usr/bin/perl .
            error: usr/bin/perl no such file or directory

            simon.murray Simon Murray added a comment - Actually, once the pod has completed the container is no longer running, so you cannot perform a remote exec, which means cp won't function (it basically works like scp) With docker directly: $ docker cp b215f2f5d723:/usr/bin/perl . $ ls -l total 1976 -rwxr-xr-x 1 docker docker 2021960 Jun 10 17:37 perl With kubectl: kubectl cp default/pi-with-timeout-jdn29:/usr/bin/perl . error: usr/bin/perl no such file or directory

            What about EKS?

            matt.carabine Matt Carabine added a comment - What about EKS?
            simon.murray Simon Murray added a comment -

            See this here K8S-661 that's where

            simon.murray Simon Murray added a comment - See this here K8S-661 that's where

            Sweet!

            matt.carabine Matt Carabine added a comment - Sweet!

            People

              simon.murray Simon Murray
              simon.murray Simon Murray
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Gerrit Reviews

                  There are no open Gerrit changes

                  PagerDuty