gardener-attic / gardenctl
Command-line client for the Gardener.
License: Other
Describe the bug
gardenctl show prometheus uses the wrong credentials for authenticating with the prometheus' ingress resource
To Reproduce
Steps to reproduce the behavior:
shoot-name
Expected behavior
Expected gardenctl to show the prometheus' ingress credentials and automatically log into the prometheus UI
Gardenctl Version (please complete the following information):
Additional context
The prometheus' ingress credentials together with the ones for grafana and alertmanager are now available in the following secret in the shoot's controlplane: monitoring-ingress-credentials. So gardenctl show prometheus should retrieve them from there.
The garden cluster setup has changed over time and is most likely set up in one of the following three ways shown in the proposal. To unify access over gardenctl it is proposed to store the credentials for the garden cluster in separate secrets (as shown in SampleSecret) in the garden namespace of the virtual cluster. The secret should be annotated with a garden specific key to be able to be parsed by gardenctl. And can then be accessed in a uniform way, which is illustrated as the black arrows.
Sample Secret:
apiVersion: v1
kind: Secret
metadata:
  name: garden-secret
  namespace: garden
  labels:
    runtime: garden
  annotations:
    clusterName: garden-dev
type: Opaque
data:
  kubeconfig: b64(kubeconfig-to-cluster)
gardenctl has support for the different infrastructure CLIs, all but the latest addition, aliyun. Could this be added as well, please (it's so handy, when necessary)?
cc: @jia-jerry, Minchao Wang, and Emoin Lanyu
Describe the bug
gardenctl does not support K8s v1.11.2
To Reproduce
$ ./gardenctl ls gardens
gardenClusters:
$ ./gardenctl ls shoots
Kubernetes cluster has version v1.11.2 which is not supported
$ ./gardenctl ls seeds
Kubernetes cluster has version v1.11.2 which is not supported
Attitude of gratitude (AoG)
Thank you in advance for your help
gardenctl target doesn't find best fit:
$ gardenctl ls shoots
projects:
- project: garden-core
  shoots:
  - vl-canary
  - vl-dev
  - vl-live
  - vl-staging
  ...
- project: garden-xyz
  ...
$ gardenctl target core
Shoot core not found
More problematic, it doesn't accept the actual project name (annotation at the namespace)
$ gardenctl target project core
No match for core
One has to write the full namespace name:
$ gardenctl target garden-core
$ gardenctl get target
target:
- kind: garden
  name: dev
- kind: project
  name: garden-core
It would be great, if the matcher would have found the "right" target right away, but certainly gardenctl should find the project by annotation (or without the garden- prefix, which would be less clean). See:
$ k get ns garden-core -o yaml
apiVersion: v1
kind: Namespace
metadata:
  annotations:
    project.garden.sapcloud.io/description: Core project exclusively used by the core
      team
    project.garden.sapcloud.io/owner: [email protected]
    project.garden.sapcloud.io/purpose: Core project exclusively used by the core
      team to host its shoot clusters.
  labels:
    garden.sapcloud.io/role: project
    project.garden.sapcloud.io/name: core
  name: garden-core
spec:
  finalizers:
  - kubernetes
status:
  phase: Active
When trying to use gardenctl kubectl I ended up in the gromit cluster, which is a pretty dangerous thing to happen:
$ gardenctl get target
target:
- kind: garden
  name: prod
- kind: project
  name: garden-sap-et
- kind: shoot
  name: poc1
$ gardenctl kubectl get nodes
NAME STATUS ROLES AGE VERSION
gromit-garden-master-0 Ready master 139d v1.7.6+coreos.0
gromit-garden-master-1 Ready master 139d v1.7.6+coreos.0
gromit-garden-master-2 Ready master 139d v1.7.6+coreos.0
gromit-garden-worker-0 Ready node 139d v1.7.3+coreos.0
gromit-garden-worker-1 Ready node 139d v1.7.3+coreos.0
Add a cmd to expose landscape information via a garden cluster.
Expose further landscape information (obligatory):
Describe the bug
gardenctl ssh does not work when jq is not installed.
To Reproduce
Steps to reproduce the behavior:
$ gardenctl ssh <ip>
Downloaded id_rsa key
exit status 127
Expected behavior
A clear and concise description of what you expected to happen.
Screenshots
If applicable, add screenshots to help explain your problem.
Gardenctl Version (please complete the following information):
$ gardenctl version
gardenctl:
version : 0.9.0
build date : 2019-03-22
go version : go1.12
go compiler : gc
platform : darwin/amd64
Additional context
gardenctl should not rely on jq to be installed but should perform the logic with https://godoc.org/gopkg.in/yaml.v2 .
/cc @ialidzhikov
Is it possible to make versioned releases of gardenctl and have a binary distribution? After the recent shoot namespace adaptation everyone in my team had to manually compile the binary, we've been thinking about compiling it for 3 main platforms (macos, linux and windows) and making it available internally.
It would be more beneficial for everyone if that's done on upstream.
The namespaces in the Garden clusters which are used as projects have the following labels:
metadata:
  name: garden-my-project
  labels:
    garden.sapcloud.io/role: project
    project.garden.sapcloud.io/name: my-project
The gardenctl target project command expects to enter the name of the namespace, not the name of the project (gardenctl target project garden-my-project instead of gardenctl target project my-project).
Can we change that?
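One way to resolve a project argument through the labels shown above, as an added Go example rather than gardenctl's own code. The Namespace type, the function names and the sample namespaces are constructed; a real client would list the namespaces from the garden cluster.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// Label keys copied from the namespace manifests shown on this page.
const (
	roleLabel = "garden.sapcloud.io/role"
	nameLabel = "project.garden.sapcloud.io/name"
)

// Namespace is a hypothetical, minimal stand-in for the Kubernetes object.
type Namespace struct {
	Name   string
	Labels map[string]string
}

var (
	ErrNotFound  = errors.New("no project matches")
	ErrAmbiguous = errors.New("more than one project matches")
)

// ResolveProject maps user input (project name or namespace name) to the
// namespace of exactly one project. Namespaces without role=project are
// skipped, so a look-alike namespace can never become the target, and two
// candidates produce an error instead of a silent pick.
func ResolveProject(input string, all []Namespace) (string, error) {
	var hits []string
	for _, ns := range all {
		if ns.Labels[roleLabel] != "project" {
			continue
		}
		if ns.Labels[nameLabel] == input || ns.Name == input {
			hits = append(hits, ns.Name)
		}
	}
	switch len(hits) {
	case 0:
		return "", fmt.Errorf("%w: %q", ErrNotFound, input)
	case 1:
		return hits[0], nil
	default:
		return "", fmt.Errorf("%w: %q fits %s", ErrAmbiguous, input, strings.Join(hits, ", "))
	}
}

// SampleNamespaces returns constructed test data, not a real landscape.
func SampleNamespaces() []Namespace {
	project := func(ns, name string) Namespace {
		return Namespace{Name: ns, Labels: map[string]string{roleLabel: "project", nameLabel: name}}
	}
	return []Namespace{
		project("garden-core", "core"),
		project("garden-my-project", "my-project"),
		project("garden-legacy", "garden-core"), // project name collides with a namespace name
		{Name: "core"},                          // named like a project, but carries no project role
		{Name: "kube-system"},
	}
}

func main() {
	for _, in := range []string{"core", "garden-my-project", "kube-system", "garden-core"} {
		ns, err := ResolveProject(in, SampleNamespaces())
		fmt.Printf("%-18s -> %q, err=%v\n", in, ns, err)
	}
}
```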
Recently the Kubernetes dashboard deprecated the /ui redirect: kubernetes/kubernetes#53766
gardenctl show dashboard still tries to open http://127.0.0.1:8002/ui which is not valid anymore.
URL should now be:
http://localhost:8002/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/
Describe the bug
Logs are combined from different clusters if they have the same name in different projects
To Reproduce
see our dev environment, cluster seed-az
Expected behavior
each directory should only contain logs for one single cluster
Screenshots
n/a
Gardenctl Version (please complete the following information):
Additional context
Using gardenctl logs operator shows less than kubectl logs <operator-pod-name>
Expected behaviour: same output independent of used command
Adapt gardenctl register and unregister cmd to add or remove user from clusterrolebinding list.
(Changed from garden-administrators clusterrolebinding to garden.sapcloud.io:system:administrators clusterrolebinding which is exposed via the virtual apiserver)
Story:
The control plane of a shoot cluster named 'test' was deleted in the seed cluster.
So I wanted to check what resources are left in the IaaS account,
For this I executed:
$ gardenctl target shoot test
....
$ gardenctl gcloud compute instances list
error: secrets "gardener-sa" not found
The IaaS secret for the 'test' shoot cluster is still existing in the garden cluster, but it looks like gardenctl tries to get it from the seed cluster, where it is deleted.
Describe the bug
gardenctl should have a way to print its version
To Reproduce
Steps to reproduce the behavior:
gardenctl does not show any possible way to display its version.
Expected behavior
As gardenctl user I would like to know which version I'm using by just issuing a gardenctl command.
Example:
gardenctl version
(This is how version display is implemented on kubectl and helm)
Gardenctl Version (please complete the following information):
Additional context
Gardener informs its stakeholders in its CNCF CII Badge, that static code checks are applied by using Checkmarx. This repository has findings, which have to be assessed by the component owner(s). As required all prio high findings have already been immediately assessed. Please find the timeline until when to assess the remaining prio medium findings in the Wiki (restricted access). At the time being you can ignore the prio low findings. Please find background information and a link to the Checkmarx project for your repository in the Wiki (restricted access). In the Wiki (restricted access) you will as well find information how to get a Checkmarx user which is required to be able to do your assessment in the Checkmarx Web UI.
Adapt target function to match projects which do not contain a "garden-" prefix.
According to #3, this should be the (ticked, i.e. already implemented way?) to get to the seed information of the shoots within a project (it should group them by seeds, but still groups them by project):
$ gardenctl get target
target:
- kind: garden
  name: dev
- kind: project
  name: garden-core
$ gardenctl ls shoots
projects:
- project: garden-core
  shoots:
  - vl-canary
  - vl-dev
  - vl-live
  - vl-staging
  ...
I just noticed that gardenctl does not directly support the cluster autoscaler control plane component (e.g. to dig up logs). Could this be added, please?
Once it gets decided how to continue from here (plugin and gex discussion -> therefore this issue is icebox'ed ), let's include into the changes also an increased focus on:
When dropping a project, the response is surprising/wrong ("A seed is targeted", even though it never was and the resulting target is only a Garden cluster):
$ gardenctl get target
target:
- kind: garden
  name: dev
- kind: project
  name: garden-core
$ gardenctl drop project
A seed is targeted
$ gardenctl get target
target:
- kind: garden
  name: dev
Extend the gardenctl show cmd to open a kibana dashboard for the targeted cluster when called with kibana argument.
Describe the bug
Gardenctl doesn't work on gardens deployed on 1.11 kubernetes clusters.
To Reproduce
Steps to reproduce the behavior:
gardenctl ls seeds
Kubernetes cluster has version v1.11.1 which is not supported
Expected behavior
gardenctl to operate on garden cluster.
Screenshots
$ gardenctl ls seeds
Kubernetes cluster has version v1.11.1 which is not supported
Gardenctl Version (please complete the following information):
As of k8s 1.8 kubectl supports plugins.
As an end-user I would like to do:
$ kubectl --context=some-context --namespace=some-ns garden show prometheus
# or simply
$ kubectl garden show prometheus
# with gardencli using the current context I use and namespace.
This will allow for a quick debugging without the need to switch context, namespaces and etc every single time.
After I have targeted a garden->project->shoot, the show command only works for the Gardener itself, but not for the control plane components in the seed or the vpn-shoot or dashboard:
For orientation:
$ g get target
target:
- kind: garden
  name: dev
- kind: project
  name: garden-core
- kind: shoot
  name: d040949-os
OK:
$ g show operator
NAME READY STATUS RESTARTS AGE IP NODE
gardener-apiserver-6fff75758c-tf44k 1/1 Running 0 6d 10.241.133.219 garden-dev-worker-3
NAME READY STATUS RESTARTS AGE IP NODE
gardener-controller-manager-6549dc4b99-qqspw 1/1 Running 0 2d 10.241.131.16 garden-dev-worker-1
$ g show ui
NAME READY STATUS RESTARTS AGE IP NODE
gardener-dashboard-77d88dcb58-dklwx 1/1 Running 0 8d 10.241.130.243 garden-dev-worker-0
URL-1: https://dashboard.ingress.garden.dev.k8s.ondemand.com
URL-2: https://dashboard.garden.dev.k8s.ondemand.com
Not OK:
$ g show api
Error from server (NotFound): namespaces "shoot-core-d040949-os" not found
$ g show vpn-seed
Error from server (NotFound): namespaces "shoot-core-d040949-os" not found
$ g show vpn-shoot
Get https://api.d040949-os.core.shoot.dev.k8s-hana.ondemand.com/api/v1/namespaces/kube-system/pods: http2: server sent GOAWAY and closed the connection; LastStreamID=1, ErrCode=NO_ERROR, debug=""
$ g show dashboard
Get https://api.d040949-os.core.shoot.dev.k8s-hana.ondemand.com/api/v1/namespaces/kube-system/pods: net/http: TLS handshake timeout
Also, I was expecting to access the shoot with gardenctl kubectl ... after I have targeted it, but I only see the Garden cluster resources.
when trying to register / unregister I see the error message
No email specified and no github url configured in garden config
It is not clear from the error message how the config should look like
Is there a faster way to target a Shoot cluster other than
$ gardenctl target project <NAME>
$ gardenctl target shoot <NAME>
?
If not, can we have a faster way to do so?
Thanks.
Currently, gardenctl supports only k8s cluster version 1.6, 1.7 and 1.8.
When I execute gardenctl ls issues against k8s cluster version 1.9, I got error
$ gardenctl get target
target:
- kind: garden
  name: live
$ gardenctl ls issues
Kubernetes cluster has version 1.9 which is not supported
Thank you for providing gardenctl. Here what I found out using it and how we can make it even better:
In general think about making all output (but the help) structured and think about allowing for format options like -o json and -o yaml (like kubectl) and then we can again introduce a table/prose mode again, but we should have a technical output mode before that (e.g. yaml in the beginning, see examples below)
Targeting projects missing completely, but that's more important for the operator than seeds (which can be automatically handled by gardenctl) as that's the scope our users work in
It would be convenient to support a form of gardenctl target where users don't have to explicitly name the kind (gardenctl should "guess" the kind project, seed, or shoot if unambiguously possible, otherwise it should show the conflict and ask the user to name the kind explicitly):
.garden/config:
gardenClusters:
- name: dev
  kubeConfig: ~/clusters/garden-dev/kubeconfig.yaml
- name: prod
  kubeConfig: ~/clusters/garden-prod/kubeconfig.yaml
gardenctl should take the argument and compare it against all seeds, all projects, and all shoots
* wildcard, e.g. foo* would match with foot or foo-bar, but not with my-foot (*foo* would match that as well)
.garden/config) limit
Introduce a command like gardenctl get [(garden|project|seed|shoot) <name>] that shows the seed, project, or shoot resource (in yaml, similar to kubectl ... -o yaml) as that's often already sufficient for an operator (if argument is omitted, show currently targeted resource):
Consider renaming gardenctl get (gardens|projects|seeds|shoots|issues) into gardenctl ls (projects|seeds|shoots|issues), because that would feel more natural and wouldn't clash with get (ok, kubectl also uses get for both use cases, but that always feels wrong and commands such as aws or docker and the like all have an ls command)
When a garden, seed or shoot is targeted, show the location of the cached kubeconfig (for seeds and shoots), so that the user can immediately export it (e.g. even automatically within a bash alias/function, i.e. in a structured way), if he intends to work with that cluster from now on (instead of gardenctl kubeconfig -- ... which is more verbose and lacks command line completion)
Do not duplicate kubeconfigs in .garden/cache/tmp, but instead maintain the target as reference in e.g. in a file like .garden/target that contains the following (which would make it possible for users to embed that in their PS1 variable/command prompt):
If only the garden cluster is in target, the file contains:
target:
- kind: garden
  name: dev
If a project is in target, the file contains:
target:
- kind: garden
  name: dev
- kind: project
  name: foo-bar
If a seed is in target, the file contains:
target:
- kind: garden
  name: dev
- kind: seed
  name: seed-aws-eu1
If a shoot is in target and the user reached it via a project, the file contains:
target:
- kind: garden
  name: dev
- kind: project
  name: foo-bar
- kind: shoot
  name: cl-54321
If a shoot is in target and the user reached it via a seed, the file contains:
target:
- kind: garden
  name: dev
- kind: seed
  name: seed-aws-eu1
- kind: shoot
  name: cl-54321
If the user runs gardenctl drop without a kind, the last entry from the target "stack" is "popped" until the target "stack" is empty (in which case gardenctl should issue an error)
If the user runs gardenctl drop project or gardenctl drop seed while targeting a shoot, both project/seed and the shoot are "popped" from the target "stack"
Instead, gardenctl drop is expecting some "target" right now (the concrete resource maybe, but why?) and the sub command help (like for many other sub commands) is completely missing and instead I get some "Cobra" hint:
> g drop
Command must be in the format: drop [target]
> g drop shoot
Command must be in the format: drop [target]
> g drop --help
A longer description that spans multiple lines and likely contains examples
and usage of using your command. For example:
Cobra is a CLI library for Go that empowers applications.
This application is a tool to generate the needed files
to quickly create a Cobra application.
Usage:
gardenctl drop [flags]
Global Flags:
--cache int activate 1 / deactivate 0 caching (default 1)
--config string config file (default is $HOME/.gardenctl.yaml)
Expected is the behaviour from above and proper sub command help for all sub commands.
Do not show the seed cluster namespace when listing shoots (e.g. shoot-garden-mitsubishi-clust4vora), but depending on the target:
gardenctl ls shoots (group rather by project than seed):
projects:
- project: foo-bar
  shoots:
  - cl-12345
- project: john-doe
  shoots:
  - cl-54321
- project: some-thing
  shoots:
  - cl-thing
gardenctl ls shoots:
seeds:
- seed: seed-aws-eu1
  shoots:
  - cl-12345
  - cl-54321
- seed: seed-aws-na1
  shoots:
  - cl-thing
gardenctl ls shoots:
projects:
- project: foo-bar
  shoots:
  - cl-12345
- project: john-doe
  shoots:
  - cl-54321
Do not hide IaaS CLI stdout/err, e.g. when launching the command wrongly, I don't know what went wrong:
> g aws s3 nonsense
panic: Please make sure to use a valid aws command
goroutine 1 [running]:
[callstack...]
Expected:
> aws s3 nonsense
usage: aws [options] <command> <subcommand> [<subcommand> ...] [parameters]
To see help text, you can run:
aws help
aws <command> help
aws <command> <subcommand> help
aws: error: argument subcommand: Invalid choice, valid choices are:
ls | website
cp | mv
rm | sync
mb | rb
presign
The same also happens with kubectl:
> g kubectl get nodes
panic: exit status 1
goroutine 1 [running]:
[callstack...]
Expected was the error message of kubectl.
Generally, in case of expected (user) errors (like above or below), do not write a call stack (write a callstack only when something unanticipated happens, e.g. the program reaches its outermost catch block):
> $ g download tf shoot-garden-core-itpa-436 infra
panic: configmaps "itpa-436.infra.tf-config" not found <-- that is helpful
goroutine 1 [running]: <-- that is not helpful
[callstack...]
gardenctl get all as that's implicit if the user hasn't targeted any project or seed before anyhow with gardenctl get shoots
gardenctl target direct as that's not part of the spec #2 and confusing, because the word direct is used to target shoots, but the word has no relation to that kind
garden target: --garden|-g, --project|-p or --seed|-s (never allow both, project and seed, at the same time)
gardenctl get issues more helpful (and faster if possible? why is it so slow?):
uid and gardenOperator and possibly later also other black-listed fields not helpful for this command)
issues:
- project: foo-bar
  seed: seed-aws-eu1
  shoot: cl-54321
  status:
    lastError: "Failed to create Shoot cluster (Errors occurred during parallel execution:
      '(CloudBotanist).DeployInfrastructure' returned 'Terraform execution job could
      not be completed. The following issues have been found in the logs:\n\n-> Pod
      'paj7wlu4tu.infra.tf-job-79984' reported:\n* aws_vpc.vpc: 1 error(s) occurred:\n*
      aws_vpc.vpc: Error creating VPC: VpcLimitExceeded: The maximum number of VPCs
      has been reached.\n\tstatus code: 400, request id: <omitted>')"
    lastOperation:
      description: "Failed to create Shoot cluster (Errors occurred during parallel
        execution: '(CloudBotanist).DeployInfrastructure' returned 'Terraform execution
        job could not be completed. The following issues have been found in the logs:\n\n->
        Pod 'paj7wlu4tu.infra.tf-job-79984' reported:\n* aws_vpc.vpc: 1 error(s) occurred:\n*
        aws_vpc.vpc: Error creating VPC: VpcLimitExceeded: The maximum number of VPCs
        has been reached.\n\tstatus code: 400, request id: <omitted>')"
      lastUpdateTime: 2017-12-05T10:01:15Z
      progress: 36
      state: Failed
      type: Create
g download tf NAME infra wasn't doing anything for me, it just ended
g show vpn-seed isn't showing all control plane pods that contain a vpn (sidecar) container (e.g. Prometheus needs the vpn (sidecar) container as well)
g show (ui|dashboard) isn't showing the pod information on the command line like g show (prometheus|grafana|alertmanager) does (all show sub commands should do that)
g show ui was opening the (singular) landing page, instead of opening the corresponding gardener UI by looking into the garden cluster (and then e.g. the ingress gardener-ingress resource)
g (show|logs) tf (infra|dns|ingress) not yet implemented (watch out, a.) there may be many terraform pods, pick the latest/running and b.) terraform pods may already be gone, when the operation completed)
g logs operator wasn't doing anything for me (when a shoot was in target), it just ended
g logs operator should show the operator logs filtered by the currently targeted shoot (I targeted the shoot cluster that appeared last in the full log)
g logs dashboard wasn't doing anything for me, it just ended
g logs addon-manager wasn't doing anything for me, it just ended
g logs (prometheus|grafana|alertmanager) failed with an exception right away
save [config] supposed to do/mean (not in spec #2)?
--config string config file (default is $HOME/.gardenctl.yaml) (not in spec #2) and use a default such as $HOME/.garden/config or allow for an environment variable such as GARDENCONFIG that points to said file; mention that in the help
--cache int activate 1 / deactivate 0 caching (default 1) (not in spec #2) and always cache unless user runs gardenctl with the --no-cache option; mention said option --no-cache in the help
gardenctl kubectl (can be, but doesn't necessarily have to be mentioned in the help if it would make it unreadable):
gardenctl k substitutes gardenctl kubectl
gardenctl ks substitutes gardenctl kubectl --namespace=kube-system
gardenctl ka substitutes gardenctl kubectl --all-namespaces=true
Gardenctl, which is incorrect (not the name of the command, which is case-sensitive)
gardenctl is actually doing:
Usage:
gardenctl <command>
Available Commands:
ls (gardens|projects|seeds|shoots|issues) list all resource instances, e.g. list of shoots
target (garden|project|seed|shoot) <name> set scope for next operations
drop [(garden|project|seed|shoot)] drop scope for next operations (default: last target)
get [(garden|project|seed|shoot) <name>] get single resource instance, e.g. CRD of a shoot (default: current target)
download tf (infra|dns|ingress) download terraform configuration/state for local execution for the targeted shoot
show (operator|ui| show details about endpoint/service and open in Chrome if applicable
tf (infra|dns|ingress)| (tf sub commands require targeted shoot)
api|scheduler|controller-manager|etcd-operator|etcd-main|etcd-events|
addon-manager|vpn-seed|vpn-shoot|auto-node-repair|
dashboard|prometheus|grafana|alertmanager)
logs (operator|ui| show and optionally follow logs of given component
tf (infra|dns|ingress)| (tf sub commands require targeted shoot)
api|scheduler|controller-manager|etcd-operator|etcd-main|etcd-events|
addon-manager|vpn-seed|vpn-shoot|auto-node-repair|
dashboard|prometheus|grafana|alertmanager)
kubectl <args>
aws <args>
az <args>
gcloud <args>
openstack <args>
Available Options:
--no-cache do not cache KUBECONFIG files
-h, --help help for gardenctl
Use "gardenctl <command> --help" for more information about a given specific command.
Configuration and KUBECONFIG file cache located $GARDENCTL_HOME or ~/.garden (default).
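The target "stack" and the drop rules proposed in the issue above, as an added Go example that is not gardenctl's code. The type and function names, the strict ordering check in Push and the prompt format are assumptions; the entry names come from the issue's own examples.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// Entry is one element of the proposed .garden/target file.
type Entry struct{ Kind, Name string }

// Stack is the ordered target; index 0 is always the garden.
type Stack []Entry

var (
	ErrEmpty       = errors.New("target stack is empty")
	ErrNotTargeted = errors.New("kind is not targeted")
	ErrOrder       = errors.New("invalid target order")
)

// Push enforces the shapes listed in the issue: garden, then project or seed
// (never both), then shoot. Rejecting everything else instead of replacing
// entries is an assumption of this sketch.
func (s Stack) Push(e Entry) (Stack, error) {
	ok := false
	switch e.Kind {
	case "garden":
		ok = len(s) == 0
	case "project", "seed":
		ok = len(s) == 1 && s[0].Kind == "garden"
	case "shoot":
		ok = len(s) == 2 && (s[1].Kind == "project" || s[1].Kind == "seed")
	}
	if !ok {
		return s, fmt.Errorf("%w: cannot add %s %q to %q", ErrOrder, e.Kind, e.Name, s.String())
	}
	return append(append(Stack{}, s...), e), nil
}

// Drop pops the last entry; dropping from an empty stack is an error.
func (s Stack) Drop() (Stack, error) {
	if len(s) == 0 {
		return s, ErrEmpty
	}
	return s[:len(s)-1], nil
}

// DropKind pops the entry of the given kind and everything targeted through
// it, so dropping the project also drops the shoot reached via it. A kind
// that is not in the stack is reported as such, never as another kind.
func (s Stack) DropKind(kind string) (Stack, error) {
	for i, e := range s {
		if e.Kind == kind {
			return s[:i], nil
		}
	}
	return s, fmt.Errorf("%w: %s", ErrNotTargeted, kind)
}

// String renders the stack for a shell prompt (hypothetical format).
func (s Stack) String() string {
	parts := make([]string, len(s))
	for i, e := range s {
		parts[i] = e.Kind + ":" + e.Name
	}
	return strings.Join(parts, "/")
}

// Build pushes entries in order and stops at the first violation.
func Build(entries ...Entry) (Stack, error) {
	var s Stack
	var err error
	for _, e := range entries {
		if s, err = s.Push(e); err != nil {
			return s, err
		}
	}
	return s, nil
}

func main() {
	s, _ := Build(Entry{"garden", "dev"}, Entry{"project", "foo-bar"}, Entry{"shoot", "cl-54321"})
	fmt.Println(s)
	s, _ = s.DropKind("project")
	fmt.Println(s)
	_, err := s.DropKind("seed")
	fmt.Println(err)
}
```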
This is a minor issue that I noticed when I first installed gardenctl on my Mac. After building the tool, I typed
gardenctl
and got the following error message
panic: runtime error: index out of range
goroutine 1 [running]:
github.com/gardener/gardenctl/cmd.getGardenClusterKubeConfigFromConfig()
/Users/d047401/go/src/github.com/gardener/gardenctl/cmd/miscellaneous.go:47 +0x359
github.com/gardener/gardenctl/cmd.Execute()
/Users/d047401/go/src/github.com/gardener/gardenctl/cmd/root.go:62 +0x508
main.main()
/Users/d047401/go/src/github.com/gardener/gardenctl/gardenctl.go:20 +0x20
The reason for the error is that I was lacking a cluster entry in the gardenctl config file.
However, I would expect some nicer output, something like "You need to add a cluster config to your configuration before you can use the tool" rather than an out of bounds exception.
$ gardenctl get target
target:
- kind: garden
  name: dev
- kind: seed
  name: seed-openstack-dev
$ gardenctl show api
panic: runtime error: index out of range
goroutine 1 [running]:
github.com/gardener/gardenctl/cmd.showPod(0x1d3328f, 0xe, 0x1d2be90, 0x4)
/Users/d043832/go/src/github.com/gardener/gardenctl/cmd/show.go:153 +0x61d
github.com/gardener/gardenctl/cmd.showAPIServer()
/Users/d043832/go/src/github.com/gardener/gardenctl/cmd/show.go:173 +0x4b
github.com/gardener/gardenctl/cmd.glob..func14(0x2497f60, 0xc42031b6f0, 0x1, 0x1)
/Users/d043832/go/src/github.com/gardener/gardenctl/cmd/show.go:48 +0x39c
github.com/gardener/gardenctl/vendor/github.com/spf13/cobra.(*Command).execute(0x2497f60, 0xc42031b680, 0x1, 0x1, 0x2497f60, 0xc42031b680)
/Users/d043832/go/src/github.com/gardener/gardenctl/vendor/github.com/spf13/cobra/command.go:603 +0x22b
github.com/gardener/gardenctl/vendor/github.com/spf13/cobra.(*Command).ExecuteC(0x24965e0, 0x0, 0x0, 0x100000000000000)
/Users/d043832/go/src/github.com/gardener/gardenctl/vendor/github.com/spf13/cobra/command.go:689 +0x339
github.com/gardener/gardenctl/vendor/github.com/spf13/cobra.(*Command).Execute(0x24965e0, 0xc, 0x0)
/Users/d043832/go/src/github.com/gardener/gardenctl/vendor/github.com/spf13/cobra/command.go:648 +0x2b
github.com/gardener/gardenctl/cmd.Execute()
/Users/d043832/go/src/github.com/gardener/gardenctl/cmd/root.go:60 +0x4f8
main.main()
/Users/d043832/go/src/github.com/gardener/gardenctl/gardenctl.go:20 +0x20
How about adding direct support in gardenctl to ssh into worker nodes? The ops guide (in the works, kb/ssh-to-aws-shoot-node.md) anyways describes a way that is no longer supported as Gardener doesn't create the bastion ASGs anymore for AWS (cc @plkokanov). GCP on the other hand, requires opening up firewall rules (ideally, gardenctl closes them afterwards again).
E.g. on AWS we could now automate (based on input from @rfranzke):
gardenctl aws ec2 run-instances -- --iam-instance-profile Name=shoot-<project>-<cluster>-bastions --image-id ami-d0dcef3b --count 1 --instance-type t2.nano --key-name shoot-<project>-<cluster>-ssh-publickey --security-group-ids <securitygroup> --subnet-id <subnet> --associate-public-ip-address
and then ssh -i <(kubectl -n garden--<project> get secret <cluster>.ssh-keypair -o jsonpath={.data.id_rsa} | base64 -d) core@<bastion-public-ip>
P.S.: There is only a bug template, but I believe it's also OK to open feature requests, right? :-)
Add download function for VPN log files to ease the debugging of VPN problems on the different infrastructures.
Update to read Secret from SecretBinding Reference for Shoot Cluster instead of Secret directly.
Changed requirements due to trial clusters.
Describe the bug
gardenctl shell and gardenctl ssh don't work when the operating system on the nodes is JeOS.
To Reproduce
$ gardenctl version
gardenctl:
version : 0.10.0
build date : 2019-05-02
go version : go1.12.4
go compiler : gc
platform : darwin/amd64
$ gardenctl shell
ip-10-250-2-103.eu-central-1.compute.internal
$ gardenctl shell ip-10-250-2-103.eu-central-1.compute.internal
Error: node "ip-10-250-2-103.eu-central-1.compute.internal" not found
$ gardenctl ssh
Node ips:
- 10.250.2.103
$ gardenctl ssh 10.250.2.103
Downloaded id_rsa key
Creating bastion host
usage: aws [options] <command> <subcommand> [<subcommand> ...] [parameters]
To see help text, you can run:
aws help
aws <command> help
aws <command> <subcommand> help
aws: error: argument --image-id: expected one argument
$
cluster is dev - core - dm-jeos3
Expected behavior
It should work
Screenshots
n/a
Gardenctl Version (please complete the following information):
see above
Additional context
Can we please brew gardenctl, so that Mac users can more easily install this tool? Or is that not worth the effort (single binary anyway) as we would have to maintain a tap, too?
When not having a config, gardenctl is not helping the user, even gardenctl -h is not reachable, either:
$ gardenctl
open /Users/d043832/.garden/config: no such file or directory
$ gardenctl --help
open /Users/d043832/.garden/config: no such file or directory
Expected is to get to the help independent of the configuration file, ideally explaining what to do (without reading the README.md, that is not available locally if the user has not cloned the repo).
Read the kubeconfig and ssh secrets from garden cluster instead of seed cluster.
The secrets are synced in the garden cluster and can be accessed under <shoot-name>.<kubeconfig|ssh>
Moved from gardener/gardener#220 (@praveendhac)
Created new shoot cluster successfully. Saw segmentation error while setting target to Shoot cluster
gardenctl target shoot pd-shoot1-azure
Crash Trace
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x28 pc=0x11ef756]
goroutine 1 [running]:
github.com/gardener/gardenctl/vendor/github.com/sirupsen/logrus.(*Logger).level(...)
/Users/pdarshanam/go/src/github.com/gardener/gardenctl/vendor/github.com/sirupsen/logrus/logger.go:312
github.com/gardener/gardenctl/vendor/github.com/sirupsen/logrus.(*Logger).Debugf(0x0, 0x1cf383d, 0x64, 0xc42051bc30, 0x1, 0x1)
/Users/pdarshanam/go/src/github.com/gardener/gardenctl/vendor/github.com/sirupsen/logrus/logger.go:116 +0x26
github.com/gardener/gardenctl/vendor/github.com/gardener/gardener/pkg/client/kubernetes.newKubernetesClient(0xc4200f0000, 0xc420106b40, 0x1da60c0, 0xc4200caaf0, 0x50, 0xc4200f0000, 0x0, 0x0)
/Users/pdarshanam/go/src/github.com/gardener/gardenctl/vendor/github.com/gardener/gardener/pkg/client/kubernetes/client.go:139 +0x354
github.com/gardener/gardenctl/vendor/github.com/gardener/gardener/pkg/client/kubernetes.newClientSet(0xc4200f0000, 0x1da60c0, 0xc4200caaf0, 0x0, 0xc4200f0000, 0xc4200d4d20, 0xc4206a40c0)
/Users/pdarshanam/go/src/github.com/gardener/gardenctl/vendor/github.com/gardener/gardener/pkg/client/kubernetes/client.go:88 +0x7f
github.com/gardener/gardenctl/vendor/github.com/gardener/gardener/pkg/client/kubernetes.NewClientFromFile(0xc4202b2f20, 0x1e, 0xc4200d4d20, 0x0, 0x0, 0x0)
/Users/pdarshanam/go/src/github.com/gardener/gardenctl/vendor/github.com/gardener/gardener/pkg/client/kubernetes/client.go:45 +0x17d
github.com/gardener/gardenctl/cmd.getSeedForProject(0xc42040e120, 0xf, 0xc4206a40c0, 0x1012009)
/Users/pdarshanam/go/src/github.com/gardener/gardenctl/cmd/target.go:626 +0xa7
github.com/gardener/gardenctl/cmd.getKubeConfigOfClusterType(0x1cad619, 0x4, 0x19, 0xc4202b21e0)
/Users/pdarshanam/go/src/github.com/gardener/gardenctl/cmd/target.go:656 +0x105
github.com/gardener/gardenctl/cmd.clientToTarget(0x1cad619, 0x4, 0x1cae294, 0x7, 0x0)
/Users/pdarshanam/go/src/github.com/gardener/gardenctl/cmd/miscellaneous.go:77 +0x56d
github.com/gardener/gardenctl/cmd.targetShoot(0xc420260b70, 0xf)
/Users/pdarshanam/go/src/github.com/gardener/gardenctl/cmd/target.go:595 +0x1992
github.com/gardener/gardenctl/cmd.glob..func17(0x2451180, 0xc42019dee0, 0x2, 0x2)
/Users/pdarshanam/go/src/github.com/gardener/gardenctl/cmd/target.go:121 +0x13ed
github.com/gardener/gardenctl/vendor/github.com/spf13/cobra.(*Command).execute(0x2451180, 0xc42019de20, 0x2, 0x2, 0x2451180, 0xc42019de20)
/Users/pdarshanam/go/src/github.com/gardener/gardenctl/vendor/github.com/spf13/cobra/command.go:702 +0x2c6
github.com/gardener/gardenctl/vendor/github.com/spf13/cobra.(*Command).ExecuteC(0x244f1a0, 0x0, 0x0, 0x100000000000028)
/Users/pdarshanam/go/src/github.com/gardener/gardenctl/vendor/github.com/spf13/cobra/command.go:783 +0x2e4
github.com/gardener/gardenctl/vendor/github.com/spf13/cobra.(*Command).Execute(0x244f1a0, 0x20, 0xc42003fdc0)
/Users/pdarshanam/go/src/github.com/gardener/gardenctl/vendor/github.com/spf13/cobra/command.go:736 +0x2b
github.com/gardener/gardenctl/cmd.Execute()
/Users/pdarshanam/go/src/github.com/gardener/gardenctl/cmd/root.go:64 +0x56b
main.main()
/Users/pdarshanam/go/src/github.com/gardener/gardenctl/gardenctl.go:20 +0x20 `
Project list
$ gardenctl ls projects
projects:
The command sometimes throws a secret not found error
$ gardenctl target shoot pd-shoot1-azure
secrets "kubecfg" not found
Could not reproduce the crash consistently.
Extend gardenctl ssh cmd to work with shoot cluster on alibaba cloud.
Since gardener/gardener#552, Gardener reports a Shoot's healthiness additionally via the shoot.garden.sapcloud.io/status label. The old (shoot.garden.sapcloud.io/unhealthy) label is still there but is deprecated and will be removed in the future. gardenctl should adapt and use the new status label with its current three distinct values healthy, unhealthy and progressing (maybe in accordance with how the dashboard does it?).
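One way a client could resolve a Shoot's health from the two labels named in the request above, as an added example that is not gardenctl's or Gardener's own code. The function name ShootHealth, the sample label sets, and the convention that the deprecated label carries "true" while a Shoot is unhealthy and is absent otherwise are assumptions made for illustration.

```go
package main

import "fmt"

// Label keys as named in the issue above.
const (
	statusLabel    = "shoot.garden.sapcloud.io/status"
	unhealthyLabel = "shoot.garden.sapcloud.io/unhealthy" // deprecated
)

// ShootHealth (hypothetical helper) resolves a Shoot's health from its labels.
// The status label wins whenever it is present; the deprecated label is only
// consulted as a fallback. source reports which label decided the result.
func ShootHealth(labels map[string]string) (status, source string, err error) {
	if v, ok := labels[statusLabel]; ok {
		switch v {
		case "healthy", "unhealthy", "progressing":
			return v, statusLabel, nil
		default:
			// Do not guess: a new or misspelled value must not read as healthy.
			return "unknown", statusLabel, fmt.Errorf("unexpected %s value %q", statusLabel, v)
		}
	}
	// Assumption: the deprecated label is "true" while the Shoot is unhealthy
	// and is absent otherwise.
	if labels[unhealthyLabel] == "true" {
		return "unhealthy", unhealthyLabel, nil
	}
	return "healthy", "none", nil
}

func main() {
	// Constructed sample label sets, not taken from a real cluster.
	samples := []map[string]string{
		{statusLabel: "progressing", unhealthyLabel: "true"}, // both labels during migration
		{unhealthyLabel: "true"},                             // older Gardener, deprecated label only
		{statusLabel: "degraded"},                            // value outside the three known ones
		{},                                                   // neither label set
	}
	for _, labels := range samples {
		status, source, err := ShootHealth(labels)
		fmt.Printf("status=%s source=%s err=%v\n", status, source, err)
	}
}
```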
gardenctl ls shows:
Command must be in the format: ls [issues|projects|gardens|seeds|shoots]
Maybe this order is more logical:
Command must be in the format: ls [gardens|projects|seeds|shoots|issues]
Gardenctl should look for a virtual garden cluster apiserver in the garden namespace if available and use it.
Describe the bug
Gardenctl doesn't work with AAD+RBAC enabled AKS cluster with regular user credentials (user has the cluster-admin ClusterRole assigned).
$ gardenctl ls shoots
No Auth Provider found for name "azure"
To Reproduce
Steps to reproduce the behavior:
az aks get-credentials -g myAKSCluster -n myAKSCluster --admin -f ~/.kube/myAKSCluster.config
env KUBECONFIG=~/.kube/myAKSCluster.config kubectl create clusterrolebinding my-user-is-cluster-admin --user [email protected] --clusterrole cluster-admin
az aks get-credentials -g myAKSCluster -n myAKSCluster -f ~/.kube/myAKSCluster.config
$ cat <<EOF >> ~/.garden/config
- name: myAKSCluster
  kubeConfig: ~/.kube/myAKSCluster.config
EOF
$ env KUBECONFIG=~/.kube/myAKSCluster.config kubectl get svc
To sign in, use a web browser to open the page https://microsoft.com/devicelogin and enter the code DRP2MRQYZ to authenticate.
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 10.0.0.1 <none> 443/TCP 2d
gardenctl can reach the garden cluster:
$ gardenctl ls gardens
gardenClusters:
- name: msa-dev
$ gardenctl target garden msa-dev
KUBECONFIG=/Users/user/.kube/myAKSCluster.config
$ gardenctl ls seeds
No Auth Provider found for name "azure"
Expected behavior
gardenctl ls seeds should ask me to log in to Azure AAD domain.
Gardenctl Version (please complete the following information):
commit b21b4bde14663faee381697cb1d93a8b53a3e81a
Author: Sebastian Stauch <[email protected]>
Date: Fri Jun 8 12:29:35 2018 +0200
With gardener/gardener#930 the AMI is no longer part of the CloudProfile resource. gardenctl was relying on it during gardenctl ssh to determine the --image-id of the bastion vm.
$ gardenctl ssh <ip>
Downloaded id_rsa key
Creating bastion host
usage: aws [options] <command> <subcommand> [<subcommand> ...] [parameters]
To see help text, you can run:
aws help
aws <command> help
aws <command> <subcommand> help
aws: error: argument --image-id: expected one argument
Describe the bug
I'd like to be able to connect to a gardener cluster installed on GKE. Right now it's not possible because of this error when I do gardenctl ls projects:
No Auth Provider found for name "gcp"
To Reproduce
Steps to reproduce the behavior:
~/.garden/config etc
gardenctl ls projects
Expected behavior
I will see list of projects