Compatibility with kubernetes >= 32.0.0 #868
Comments
I'm unable to reproduce this. I tested using:
Both the |
I didn't see any breaking changes in the kubernetes python client changelog. I will check in the close-to-production scenario with |
We are still running a 1.31.x Kubernetes cluster - maybe that's the issue? I think there were some auth related changes in 1.32 and since our stack trace is complaining that we are identified as
We can reproduce this across multiple machines running different OSes and everyone can work again once we downgrade to kubernetes 31.x.y |
Hi @sebhoss, could you try something like:
with kubeconfig that has only a single context? And in general, how do you pass credentials to the module? |
Just tested against a 1.31.4 server and is working with kubernetes=32.0.0. How are you authenticating to the cluster? There are a few issues open for the 32.0.0 release around authentication that people seem to be having, especially with GKE and EKS. |
Thanks for the quick feedback here! No change when using the

```yaml
users:
- name: kube.internal
  user:
    exec:
      apiVersion: client.authentication.k8s.io/v1beta1
      args:
      - oidc-login
      - get-token
      - --token-cache-dir=~/.cache/kubelogin
      - --oidc-issuer-url=https://login.internal/auth/realms/kube.internal
      - --oidc-client-id=kube.internal
      command: kubectl
      env: null
      interactiveMode: IfAvailable
      provideClusterInfo: false
```
This should not be an issue, plugin/exec-based authentication is supported for 'normal' modules, and since PR #698 for kubectl connection plugin |
I realized that the |
It sounds like kubernetes-client/python#2333 (comment) may be your issue. I think this is a kubernetes problem not a kubernetes.core problem, but we'll leave it open until kubernetes hopefully does a bugfix and see if that sorts things out. |
Thanks! |
I will test the combination of Will be back soon |
Hi @sebhoss, I'm back with my test result, @gravesm was right, it's an issue with kubernetes python client authentication with credential plugins (client.authentication.k8s.io/v1). So, when kubeconfig is traditional with user client certificate it works fine, but when used exec module use In my particular case collection works fine with For history: |
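An added example, not part of the thread or of kubernetes.core: a small audit that lists which kubeconfig contexts authenticate through an exec credential plugin, the case the comment above reports as failing with kubernetes 32.0.0 while client-certificate users keep working. The sample kubeconfig is constructed; the `lab` context, its user and its file paths are hypothetical, and PyYAML is assumed to be installed.

```python
import yaml  # PyYAML (assumed installed; the kubernetes client depends on it)

# Constructed sample: one exec-plugin user shaped like the one quoted in the
# thread, and one hypothetical client-certificate user for contrast.
SAMPLE_KUBECONFIG = """
apiVersion: v1
kind: Config
contexts:
- name: prod
  context: {cluster: kube.internal, user: kube.internal}
- name: lab
  context: {cluster: lab, user: lab-admin}
users:
- name: kube.internal
  user:
    exec:
      apiVersion: client.authentication.k8s.io/v1beta1
      command: kubectl
      args: [oidc-login, get-token]
- name: lab-admin
  user:
    client-certificate: /etc/kube/lab-admin.crt
    client-key: /etc/kube/lab-admin.key
"""

def auth_method(user):
    """Classify how a kubeconfig user entry authenticates."""
    user = user or {}
    if "exec" in user:
        return "exec:" + str(user["exec"].get("command"))
    if "auth-provider" in user:
        return "auth-provider"
    if "client-certificate" in user or "client-certificate-data" in user:
        return "client-certificate"
    if "token" in user or "tokenFile" in user:
        return "token"
    return "unknown"

def contexts_using_exec(kubeconfig_text):
    """Return {context name: auth method} for contexts backed by an exec plugin."""
    cfg = yaml.safe_load(kubeconfig_text) or {}
    users = {u["name"]: u.get("user") for u in cfg.get("users") or []}
    result = {}
    for ctx in cfg.get("contexts") or []:
        method = auth_method(users.get(ctx["context"]["user"]))
        if method.startswith("exec:"):
            result[ctx["name"]] = method
    return result

if __name__ == "__main__":
    for name, method in contexts_using_exec(SAMPLE_KUBECONFIG).items():
        print(f"{name}: {method} (exec plugin; reported failing with kubernetes 32.0.0)")
```

Running it over the kubeconfig files an Ansible controller actually uses shows which contexts need the client pinned to 31.x until a fixed release is available.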
Thanks @yurnov ! |
FYI I came across this issue when trying to run against Digital Ocean K8s clusters. The current workaround is to install kubernetes 31.0.0 |
Update on this: a fix has been merged, so just waiting on a new release. I have built the main branch of kubernetes python and verified it sorts my Digital Ocean issue and am sure it will sort other providers. |
Hi -- I found the same issue using a credential manager; will there be a patch release containing the fix from kubernetes-client/python#2338 ? Thank you! |
Just pin |
SUMMARY
After upgrading the Python kubernetes library to version 32+, we can no longer use the kubernetes.core Ansible module.
ISSUE TYPE
COMPONENT NAME
k8s_info but I think it affects all components
ANSIBLE VERSION
COLLECTION VERSION
CONFIGURATION
OS / ENVIRONMENT
Fedora 41
STEPS TO REPRODUCE
EXPECTED RESULTS
We want to see successful results from k8s modules
ACTUAL RESULTS
We are seeing stack traces like this:
Downgrading kubernetes to the latest 31.X version fixes this for us.