programming-kubernetes / suggestions
Suggestions for topics to cover
License: The Unlicense
Excuse me, I know this question has nothing to do with this project, but I can't find any clues.
This is something that I spent some time trying to understand, and I think it can help others, particularly people who are implementing an authorizer, either as part of their custom API server or as a Webhook of kube-apiserver.
Basically, what was a surprise to me is that there's an extra state other than the boolean-style Allow/Deny, namely NoOpinion.
It is also very important to understand that, other than the AlwaysAllow authorizer, (I believe) all other authorizers, including Node and RBAC, emit NoOpinion by default (well, there's no way to model Deny in RBAC, is there?). And so should a Webhook, as a best practice, I think.
Last but not least, it should be noted that if all authorizers emit NoOpinion, the API server will deny the request. I'm sure this is obvious to the authors, but this is implemented as part of the apiserver Go library.
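The chain behaviour described in this issue, as an added example (a simplified model, not code from the book or from the k8s.io/apiserver library). The Decision type, the rbacLike and webhookLike authorizers and the sample requests are constructed for illustration.

```go
package main

import "fmt"

// Decision models the three states from the post (not the k8s.io/apiserver types).
type Decision int

const (
	Deny Decision = iota
	Allow
	NoOpinion
)

// Request is a constructed stand-in for the request attributes.
type Request struct{ User, Verb, Resource string }
type Authorizer func(Request) Decision

// rbacLike can only grant: no matching rule yields NoOpinion, never Deny.
func rbacLike(grants map[Request]bool) Authorizer {
	return func(r Request) Decision {
		if grants[r] {
			return Allow
		}
		return NoOpinion
	}
}

// webhookLike (hypothetical policy) vetoes deletes and abstains otherwise.
func webhookLike(r Request) Decision {
	if r.Verb == "delete" {
		return Deny
	}
	return NoOpinion
}

// Authorize walks the chain in order: first Allow or Deny wins, all-abstain is refused.
func Authorize(chain []Authorizer, r Request) (bool, Decision) {
	for _, a := range chain {
		if d := a(r); d != NoOpinion {
			return d == Allow, d
		}
	}
	return false, NoOpinion
}

func main() {
	chain := []Authorizer{rbacLike(map[Request]bool{{"alice", "delete", "pods"}: true}), webhookLike}
	fmt.Println(Authorize(chain, Request{"bob", "get", "pods"}))
}
```

In this model, placing webhookLike ahead of rbacLike turns alice's granted delete into a Deny, because the first authorizer with an opinion ends the walk.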
The default value for kube-apiserver --authorizer-mode is Always Allow and not RBAC as implicitly mentioned on page 32, as part of the description of WithAuthorization().
kubeadm does enforce RBAC.
Minor suggestion.
Page 39, example code.
I believe expansion of ~ to $HOME must be handled manually, either with os.ExpandEnv($HOME/.kube/config) or as described here.
Albeit the code is just an example and serves for easy reading, a beginner will run into just that type of issue.
I just picked up your book, enjoying it so far, very informative. I'm on page 39 and attempting to run the little block of code as written:
package main

import (
	"flag"
	"fmt"
	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
	"k8s.io/client-go/kubernetes"
	"k8s.io/client-go/tools/clientcmd"
)
func main() {
	// Go does not expand "~"; pass an absolute path with -kubeconfig.
	kubeconfig := flag.String("kubeconfig", "~/.kube/config", "kubeconfig file")
	flag.Parse()
	config, err := clientcmd.BuildConfigFromFlags("", *kubeconfig)
	if err != nil {
		panic(err)
	}
	clientset, err := kubernetes.NewForConfig(config)
	if err != nil {
		panic(err)
	}
	pod, err := clientset.CoreV1().Pods("default").Get("example", metav1.GetOptions{})
	fmt.Println(pod, err)
}
Running go build will result in the following:
go build -o ./bin/kube-client ./cmd/kubeclient/main.go
# k8s.io/client-go/rest
../../../pkg/mod/k8s.io/client-go@v11.0.0+incompatible/rest/request.go:598:31: not enough arguments in call to watch.NewStreamWatcher
have (*versioned.Decoder)
want (watch.Decoder, watch.Reporter)
It looks like it relates to this issue: kubernetes/apimachinery#63
It seems like there isn't a standard for how to use code-generator scripts in a Go modules-based project yet; documenting some path would be useful as that gains traction.
Hi,
I've just started going through the "Programming Kubernetes" book on O'Reilly. Can you add build and deployment guide/steps in the README.md files?
The AtList sample does not compile. Can you explain how this should work? I fixed up the imports and package names as below, but I am getting the following error:
dlan@dlan-XPS-13:~/repos/kube/genesys/cnat-client$ go build
# dlan/cnat-client
./main.go:18:14: undefined: client.NewScheme
./main.go:25:55: cannot use client.InNamespace("default") (type client.InNamespace) as type runtime.Object in argument to cl.List:
client.InNamespace does not implement runtime.Object (missing DeepCopyObject method)
./main.go:25:55: cannot use list (type *v1alpha1.AtList) as type client.ListOption in argument to cl.List:
*v1alpha1.AtList does not implement client.ListOption (missing ApplyToList method)
Here's the code:
package main

import (
	"context"
	"flag"
	"k8s.io/client-go/tools/clientcmd"
	cnatv1alpha1 "github.com/programming-kubernetes/cnat/cnat-kubebuilder/pkg/apis/cnat/v1alpha1"
	runtimeclient "sigs.k8s.io/controller-runtime/pkg/client"
)

func main() {
	kubeconfig := flag.String("kubeconfig", "~/.kube/config", "kubeconfig file")
	flag.Parse()
	config, _ := clientcmd.BuildConfigFromFlags("", *kubeconfig)
	crScheme := runtimeclient.NewScheme()
	cnatv1alpha1.AddToScheme(crScheme)
	cl, _ := runtimeclient.New(config, runtimeclient.Options{
		Scheme: crScheme,
	})
	list := &cnatv1alpha1.AtList{}
	_ = cl.List(context.TODO(), runtimeclient.InNamespace("default"), list)
}