Merge pull request #17494 from justinsb/use_kubeconfig

Introduce flag use-kubeconfig which allows loading from the local kubeconfig
2025-07-12 13:51:47 -07:00 · 2025-07-12 13:51:47 -07:00 · cd69582a51
parent ac33de5193 be5c325918
commit cd69582a51
10 changed files with 65 additions and 4 deletions
--- a/cmd/kops/export_kubeconfig.go
+++ b/cmd/kops/export_kubeconfig.go
@ -98,7 +98,7 @@ func NewCmdExportKubeconfig(f *util.Factory, out io.Writer) *cobra.Command {
 	cmd.Flags().BoolVar(&options.Internal, "internal", options.Internal, "Use the cluster's internal DNS name")
 	cmd.Flags().BoolVar(&options.UseKopsAuthenticationPlugin, "auth-plugin", options.UseKopsAuthenticationPlugin, "Use the kOps authentication plugin")

-	options.CreateKubecfgOptions.AddCommonFlags(cmd.Flags())
+	options.CreateKubecfgOptions.AddFlagsForExport(cmd.Flags())

 	return cmd
 }
--- a/cmd/kops/update_cluster.go
+++ b/cmd/kops/update_cluster.go
@ -412,6 +412,10 @@ func RunUpdateCluster(ctx context.Context, f *util.Factory, out io.Writer, c *Up
 		}
 		firstRun = !hasKubeconfig

+		if c.CreateKubecfgOptions.UseKubeconfig {
+			klog.Infof("hint: passing --create-kube-config=true causes the kubeconfig to be overwritten, you may not want to use this flag with --use-kubeconfig=false")
+		}
+
 		klog.Infof("Exporting kubeconfig for cluster")

 		conf, err := kubeconfig.BuildKubecfg(
--- a/cmd/kops/util/factory.go
+++ b/cmd/kops/util/factory.go
@ -25,6 +25,7 @@ import (
 	"sync"

 	"k8s.io/apimachinery/pkg/util/validation/field"
+	"k8s.io/cli-runtime/pkg/genericclioptions"
 	"k8s.io/client-go/dynamic"
 	"k8s.io/client-go/rest"
 	"k8s.io/client-go/tools/clientcmd"
@ -188,15 +189,19 @@ func (f *clusterInfo) RESTConfig(ctx context.Context) (*rest.Config, error) {
 			return nil, err
 		}

-		restConfig.UserAgent = "kops"
-		restConfig.Burst = 50
-		restConfig.QPS = 20
+		configureRESTConfig(restConfig)

 		f.cachedRESTConfig = restConfig
 	}
 	return f.cachedRESTConfig, nil
 }

+func configureRESTConfig(restConfig *rest.Config) {
+	restConfig.UserAgent = "kops"
+	restConfig.Burst = 50
+	restConfig.QPS = 20
+}
+
 func (f *Factory) HTTPClient(restConfig *rest.Config) (*http.Client, error) {
 	return rest.HTTPClientFor(restConfig)
 }
@ -272,6 +277,31 @@ func (f *Factory) buildRESTConfig(ctx context.Context, cluster *kops.Cluster, op
 		options.Admin = kubeconfig.DefaultKubecfgAdminLifetime
 	}

+	if options.UseKubeconfig {
+		// Get the kubeconfig from the context
+		klog.Infof("--use-kubeconfig is set; loading connectivity information from kubeconfig (instead of generating it)")
+
+		clusterName := cluster.ObjectMeta.Name
+
+		clientGetter := genericclioptions.NewConfigFlags(true)
+		contextName := clusterName
+		clientGetter.Context = &contextName
+
+		restConfig, err := clientGetter.ToRESTConfig()
+		if err != nil {
+			return nil, fmt.Errorf("loading kubecfg settings for %q: %w", clusterName, err)
+		}
+
+		configureRESTConfig(restConfig)
+
+		if options.OverrideAPIServer != "" {
+			klog.Infof("overriding API server with %q", options.OverrideAPIServer)
+			restConfig.Host = options.OverrideAPIServer
+		}
+
+		return restConfig, nil
+	}
+
 	conf, err := kubeconfig.BuildKubecfg(
 		ctx,
 		cluster,
--- a/docs/cli/kops_delete_instance.md
+++ b/docs/cli/kops_delete_instance.md
@ -37,6 +37,7 @@ kops delete instance INSTANCE|NODE [flags]
  -h, --help                          help for instance
      --post-drain-delay duration     Time to wait after draining each node (default 5s)
      --surge                         Surge by detaching the node from the ASG before deletion (default true)
+      --use-kubeconfig                Use the server endpoint from the local kubeconfig instead of inferring from cluster name
      --validate-count int32          Number of times that a cluster needs to be validated after single node update (default 2)
      --validation-timeout duration   Maximum time to wait for a cluster to validate (default 15m0s)
  -y, --yes                           Specify --yes to immediately delete the instance
--- a/docs/cli/kops_get_instances.md
+++ b/docs/cli/kops_get_instances.md
@ -21,6 +21,7 @@ kops get instances [CLUSTER] [flags]
 ```
      --api-server string   Override the API server used when communicating with the cluster kube-apiserver
  -h, --help                help for instances
+      --use-kubeconfig      Use the server endpoint from the local kubeconfig instead of inferring from cluster name
 ```

 ### Options inherited from parent commands
--- a/docs/cli/kops_rolling-update_cluster.md
+++ b/docs/cli/kops_rolling-update_cluster.md
@ -74,6 +74,7 @@ kops rolling-update cluster [CLUSTER] [flags]
  -i, --interactive                       Prompt to continue after each instance is updated
      --node-interval duration            Time to wait between restarting worker nodes (default 15s)
      --post-drain-delay duration         Time to wait after draining each node (default 5s)
+      --use-kubeconfig                    Use the server endpoint from the local kubeconfig instead of inferring from cluster name
      --validate-count int32              Number of times that a cluster needs to be validated after single node update (default 2)
      --validation-timeout duration       Maximum time to wait for a cluster to validate (default 15m0s)
  -y, --yes                               Perform rolling update immediately; without --yes rolling-update executes a dry-run
--- a/docs/cli/kops_toolbox_enroll.md
+++ b/docs/cli/kops_toolbox_enroll.md
@ -29,6 +29,7 @@ kops toolbox enroll [CLUSTER] [flags]
      --instance-group string   Name of instance-group to join
      --ssh-port int            port for ssh (default 22)
      --ssh-user string         user for ssh (default "root")
+      --use-kubeconfig          Use the server endpoint from the local kubeconfig instead of inferring from cluster name
 ```

 ### Options inherited from parent commands
--- a/docs/cli/kops_update_cluster.md
+++ b/docs/cli/kops_update_cluster.md
@ -40,6 +40,7 @@ kops update cluster [CLUSTER] [flags]
      --prune                          Delete old revisions of cloud resources that were needed during an upgrade
      --ssh-public-key string          SSH public key to use (deprecated: use kops create secret instead)
      --target target                  Target - "direct", "terraform" (default direct)
+      --use-kubeconfig                 Use the server endpoint from the local kubeconfig instead of inferring from cluster name
      --user string                    Existing user in kubeconfig file to use.  Implies --create-kube-config
  -y, --yes                            Create cloud resources, without --yes update is in dry run mode
 ```
--- a/docs/cli/kops_validate_cluster.md
+++ b/docs/cli/kops_validate_cluster.md
@ -35,6 +35,7 @@ kops validate cluster [CLUSTER] [flags]
      --interval duration   Time in duration to wait between validation attempts (default 10s)
      --kubeconfig string   Path to the kubeconfig file
  -o, --output string       Output format. One of json|yaml|table. (default "table")
+      --use-kubeconfig      Use the server endpoint from the local kubeconfig instead of inferring from cluster name
      --wait duration       Amount of time to wait for the cluster to become ready
 ```

--- a/pkg/kubeconfig/create_kubecfg.go
+++ b/pkg/kubeconfig/create_kubecfg.go
@ -52,12 +52,33 @@ type CreateKubecfgOptions struct {

 	// UseKopsAuthenticationPlugin controls whether we should use the kOps auth helper instead of a static credential
 	UseKopsAuthenticationPlugin bool
+
+	// UseKubeconfig controls whether to use the local kubeconfig instead of generating a new one.
+	// See issue https://github.com/kubernetes/kops/issues/17262
+	UseKubeconfig bool
 }

 // AddCommonFlags adds the common flags to the flagset
 // These are the flags that are used when building an internal connection to the cluster.
+// For the export command, we don't want to expose the use-kubeconfig flag, use AddFlagsForExport instead.
 func (o *CreateKubecfgOptions) AddCommonFlags(flagset *pflag.FlagSet) {
+	o.addCommonFlags(flagset, false)
+}
+
+// AddFlagsForExport adds the common flags to the flagset
+// This is used by the export command to avoid exposing the use-kubeconfig flag.
+func (o *CreateKubecfgOptions) AddFlagsForExport(flagset *pflag.FlagSet) {
+	o.addCommonFlags(flagset, true)
+}
+
+// addCommonFlags adds the flags to the flagset
+// These are the flags that are used when building an internal connection to the cluster.
+// If forExport is true, the flagset is used for the export command, and we don't want to expose the use-kubeconfig flag.
+func (o *CreateKubecfgOptions) addCommonFlags(flagset *pflag.FlagSet, forExport bool) {
 	flagset.StringVar(&o.OverrideAPIServer, "api-server", o.OverrideAPIServer, "Override the API server used when communicating with the cluster kube-apiserver")
+	if !forExport {
+		flagset.BoolVar(&o.UseKubeconfig, "use-kubeconfig", o.UseKubeconfig, "Use the server endpoint from the local kubeconfig instead of inferring from cluster name")
+	}
 }

 func BuildKubecfg(ctx context.Context, cluster *kops.Cluster, keyStore fi.KeystoreReader, secretStore fi.SecretStore, cloud fi.Cloud, options CreateKubecfgOptions, kopsStateStore string) (*KubeconfigBuilder, error) {