get kubeconfig is not found

[monotok]

Hello,

This project was exactly what I was looking for but I can't get it to work. Basically follow the first few steps and everything is fine.

kubectl apply -f https://raw.githubusercontent.com/ibuildthecloud/klum/master/deploy.yaml

Create the below file.

kind: User
apiVersion: klum.cattle.io/v1alpha1
metadata:
  name: chris

Apply with:
kubectl apply -f create_user_chris.yml

Then get the kubeconfig.

kubectl get kubeconfig chris -o json | jq .spec > kubeconfig

Error from server (NotFound): kubeconfigs.klum.cattle.io "chris" not found

[arw-thomasm]

Hi,

same issue here:

$ k version --short
Flag --short has been deprecated, and will be removed in the future. The --short output will become the default.
Client Version: v1.25.2
Kustomize Version: v4.5.7
Server Version: v1.25.2

$ cat users.yml 
kind: User
apiVersion: klum.cattle.io/v1alpha1
metadata:
  name: demo-user
spec:
  roles:
  - namespace: demo
    clusterRole: admin
$ k apply -f users.yml
user.klum.cattle.io/demo-user created

$ k get users
NAME        AGE
demo-user   6m30s

$ k get kubeconfigs.klum.cattle.io --all-namespaces
No resources found

Maybe this has something to do with a change in 1.24, since then service account tokens are not created automatically anymore.

See this for further information.

It would be great, if you can fix this.

Thanks!

[PhilipSchmid]

Any update on this?

Did someone of you find an easy workaround? Edit: I used this dirty workaround: Simply create K8s secrets of type kubernetes.io/service-account-token for the just created Klum User CRs and the Klum operator will shortly after be able to generate the Kubeconfig CRs:

for i in (seq 1 $MAX_USERS)
echo "
kind: User
apiVersion: klum.cattle.io/v1alpha1
metadata:
  name: user$i
spec:
  clusterRoles:
  - view
  roles:
  - namespace: user$i
    clusterRole: admin
" | kubectl apply -f-
echo "
apiVersion: v1
kind: Secret
metadata:
  name: user$i
  namespace: klum
  annotations:
    kubernetes.io/service-account.name: user$i
type: kubernetes.io/service-account-token
" | kubectl apply -f-
end

Inspired by https://stackoverflow.com/questions/72256006/service-account-secret-is-not-listed-how-to-fix-it

Thanks & regards,
Philip

[zlodes]

Hi! Same with k3s-based cluster.

Klum won't create (or cannot) secrets. Just created secret for ServiceAccount by @PhilipSchmid suggestion and kubeconfig created.

[k11h-de]

First, thanks a lot for klum and your effort!

Is there any chance to add this secret creation to the klum logic in case k8s >= 1.24 is detected?

Cheers Karsten

[jadolg]

This works for me.
@ibuildthecloud wdyt?

[k11h-de]

@ibuildthecloud First, thanks a lot for your effort.
do you see any chance to comment on this issue?

[jadolg]

@k11h-de I believe @ibuildthecloud does not intend to work on this project anymore.
I decided to go ahead and continue working on my fork (That's why I closed the PR).
Feel free to jump over https://github.com/jadolg/klum

[k11h-de]

@jadolg Thanks a lot for your fixes and ongoing development on the code base.