diff --git a/src/config.ts b/src/config.ts index d41843e9cd8..0114b5f9ea8 100644 --- a/src/config.ts +++ b/src/config.ts @@ -211,6 +211,12 @@ export class KubeConfig { const clusterName = 'inCluster'; const userName = 'inClusterUser'; const contextName = 'inClusterContext'; + const tokenFile = process.env.TOKEN_FILE_PATH + ? process.env.TOKEN_FILE_PATH + : `${pathPrefix}${Config.SERVICEACCOUNT_TOKEN_PATH}`; + const caFile = process.env.KUBERNETES_CA_FILE_PATH + ? process.env.KUBERNETES_CA_FILE_PATH + : `${pathPrefix}${Config.SERVICEACCOUNT_CA_PATH}`; let scheme = 'https'; if (port === '80' || port === '8080' || port === '8001') { @@ -226,7 +232,7 @@ export class KubeConfig { this.clusters = [ { name: clusterName, - caFile: `${pathPrefix}${Config.SERVICEACCOUNT_CA_PATH}`, + caFile, server: `${scheme}://${serverHost}:${port}`, skipTLSVerify: false, }, @@ -237,7 +243,7 @@ export class KubeConfig { authProvider: { name: 'tokenFile', config: { - tokenFile: `${pathPrefix}${Config.SERVICEACCOUNT_TOKEN_PATH}`, + tokenFile, }, }, }, diff --git a/src/config_test.ts b/src/config_test.ts index 79243385ca0..6b987c0d184 100644 --- a/src/config_test.ts +++ b/src/config_test.ts @@ -152,6 +152,93 @@ describe('KubeConfig', () => { }); }); + describe('loadFromCluster', () => { + let originalTokenPath: string | undefined; + let originalCaFilePath: string | undefined; + + before(() => { + originalTokenPath = process.env['TOKEN_FILE_PATH']; + originalCaFilePath = process.env['KUBERNETES_CA_FILE_PATH']; + + delete process.env['TOKEN_FILE_PATH']; + delete process.env['KUBERNETES_CA_FILE_PATH']; + }); + + after(() => { + delete process.env['TOKEN_FILE_PATH']; + delete process.env['KUBERNETES_CA_FILE_PATH']; + + if (originalTokenPath) { + process.env['TOKEN_FILE_PATH'] = originalTokenPath; + } + + if (originalCaFilePath) { + process.env['KUBERNETES_CA_FILE_PATH'] = originalCaFilePath; + } + }); + + it('should load from default env vars', () => { + const kc = new KubeConfig(); + const cluster = { + name: 'inCluster', + server: 'https://undefined:undefined', + skipTLSVerify: false, + caFile: '/var/run/secrets/kubernetes.io/serviceaccount/ca.crt', + } as Cluster; + + const user = { + authProvider: { + name: 'tokenFile', + config: { + tokenFile: '/var/run/secrets/kubernetes.io/serviceaccount/token', + }, + }, + name: 'inClusterUser', + } as User; + + kc.loadFromCluster(); + + const clusterOut = kc.getCurrentCluster(); + + expect(cluster).to.deep.equals(clusterOut); + + const userOut = kc.getCurrentUser(); + expect(userOut).to.deep.equals(user); + }); + + it('should support custom token file path', () => { + const kc = new KubeConfig(); + process.env['TOKEN_FILE_PATH'] = '/etc/tokenFile'; + process.env['KUBERNETES_CA_FILE_PATH'] = '/etc/ca.crt'; + + const cluster = { + name: 'inCluster', + server: 'https://undefined:undefined', + skipTLSVerify: false, + caFile: '/etc/ca.crt', + } as Cluster; + + const user = { + authProvider: { + name: 'tokenFile', + config: { + tokenFile: '/etc/tokenFile', + }, + }, + name: 'inClusterUser', + } as User; + + kc.loadFromCluster(); + + const clusterOut = kc.getCurrentCluster(); + + expect(cluster).to.deep.equals(clusterOut); + + const userOut = kc.getCurrentUser(); + expect(userOut).to.deep.equals(user); + }); + }); + describe('clusterConstructor', () => { it('should load from options', () => { const cluster = {