From 8f703f5509db20cd17cec904e3dbcac80b8c8c91 Mon Sep 17 00:00:00 2001 From: Ciprian Hacman Date: Fri, 17 Mar 2023 06:51:26 +0200 Subject: [PATCH] Fix behaviour for `kops export kubeconfig --internal` --- pkg/kubeconfig/create_kubecfg.go | 46 +++++++++++++-------------- pkg/kubeconfig/create_kubecfg_test.go | 32 +++++++++++++++++++ 2 files changed, 55 insertions(+), 23 deletions(-) diff --git a/pkg/kubeconfig/create_kubecfg.go b/pkg/kubeconfig/create_kubecfg.go index 2c95968ea2..1b151ac74e 100644 --- a/pkg/kubeconfig/create_kubecfg.go +++ b/pkg/kubeconfig/create_kubecfg.go @@ -45,34 +45,34 @@ func BuildKubecfg(ctx context.Context, cluster *kops.Cluster, keyStore fi.Keysto } else { server = "https://api." + clusterName } - } - // If a load balancer exists we use it, except for when an SSL certificate is set. - // This should avoid a lot of pain with DNS pre-creation. - if cluster.Spec.API.LoadBalancer != nil && (cluster.Spec.API.LoadBalancer.SSLCertificate == "" || admin != 0) { - ingresses, err := cloud.GetApiIngressStatus(cluster) - if err != nil { - return nil, fmt.Errorf("error getting ingress status: %v", err) - } + // If a load balancer exists we use it, except for when an SSL certificate is set. + // This should avoid a lot of pain with DNS pre-creation. + if cluster.Spec.API.LoadBalancer != nil && (cluster.Spec.API.LoadBalancer.SSLCertificate == "" || admin != 0) { + ingresses, err := cloud.GetApiIngressStatus(cluster) + if err != nil { + return nil, fmt.Errorf("error getting ingress status: %v", err) + } - var targets []string - for _, ingress := range ingresses { - if ingress.Hostname != "" { - targets = append(targets, ingress.Hostname) + var targets []string + for _, ingress := range ingresses { + if ingress.Hostname != "" { + targets = append(targets, ingress.Hostname) + } + if ingress.IP != "" { + targets = append(targets, ingress.IP) + } } - if ingress.IP != "" { - targets = append(targets, ingress.IP) - } - } - sort.Strings(targets) - if len(targets) == 0 { - klog.Warningf("Did not find API endpoint; may not be able to reach cluster") - } else { - if len(targets) != 1 { - klog.Warningf("Found multiple API endpoints (%v), choosing arbitrarily", targets) + sort.Strings(targets) + if len(targets) == 0 { + klog.Warningf("Did not find API endpoint; may not be able to reach cluster") + } else { + if len(targets) != 1 { + klog.Warningf("Found multiple API endpoints (%v), choosing arbitrarily", targets) + } + server = "https://" + targets[0] } - server = "https://" + targets[0] } } diff --git a/pkg/kubeconfig/create_kubecfg_test.go b/pkg/kubeconfig/create_kubecfg_test.go index ed700f98d9..e8338f74bb 100644 --- a/pkg/kubeconfig/create_kubecfg_test.go +++ b/pkg/kubeconfig/create_kubecfg_test.go @@ -343,6 +343,38 @@ func TestBuildKubecfg(t *testing.T) { }, wantClientCert: true, }, + { + name: "Test Kube Config Data for Public cluster with admin and internal option", + args: args{ + cluster: publicCluster, + status: fakeStatus, + admin: DefaultKubecfgAdminLifetime, + internal: true, + }, + want: &KubeconfigBuilder{ + Context: "testcluster", + Server: "https://api.internal.testcluster", + CACerts: []byte(nextCertificate + certData), + User: "testcluster", + }, + wantClientCert: true, + }, + { + name: "Test Kube Config Data for Public cluster without admin and with internal option", + args: args{ + cluster: publicCluster, + status: fakeStatus, + admin: 0, + internal: true, + }, + want: &KubeconfigBuilder{ + Context: "testcluster", + Server: "https://api.internal.testcluster", + CACerts: []byte(nextCertificate + certData), + User: "testcluster", + }, + wantClientCert: false, + }, } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) {