[k8s] Exec auth support on k8s #4544

Draft
wants to merge 4 commits into
base: master
2 changes: 2 additions & 0 deletions sky/clouds/gcp.py
Expand Up @@ -73,6 +73,8 @@
~/google-cloud-sdk/install.sh -q >> {_GCLOUD_INSTALLATION_LOG} 2>&1 && \
echo "source ~/google-cloud-sdk/path.bash.inc > /dev/null 2>&1" >> ~/.bashrc && \
source ~/google-cloud-sdk/path.bash.inc >> {_GCLOUD_INSTALLATION_LOG} 2>&1; }}; }} && \
gcloud components install kubectl --quiet >> {_GCLOUD_INSTALLATION_LOG} 2>&1 && \
gke-gcloud-auth-plugin --version >> {_GCLOUD_INSTALLATION_LOG} 2>&1 && \
popd &>/dev/null'

# TODO(zhwu): Move the default AMI size to the catalog instead.
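Review bot: The kubectl and plugin commands (which appear to be the two additions) sit in the `&&` chain after the closing `}}; }} && \` of the install block, so a failing `gcloud components install kubectl` fails the whole command before `popd`; one such case is a gcloud installed through a package manager, where the component manager is disabled. Consider skipping the install when the plugin is already present, e.g. `{{ gke-gcloud-auth-plugin --version >> {_GCLOUD_INSTALLATION_LOG} 2>&1 || gcloud components install kubectl --quiet >> {_GCLOUD_INSTALLATION_LOG} 2>&1; }} && \`, and add a comment saying the kubectl component is installed for GKE exec auth. This covers only the GKE helper, while the guard removed in sky/clouds/kubernetes.py applied to every exec-auth kubeconfig, so a kubeconfig that calls a different exec helper presumably still cannot authenticate from a controller or pod. The command string starts outside the hunk.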
12 changes: 1 addition & 11 deletions sky/clouds/kubernetes.py
Expand Up @@ -93,17 +93,7 @@ def _unsupported_features_for_resources(
context = resources.region
if context is None:
context = kubernetes_utils.get_current_kube_config_context_name()
# Features to be disabled for exec auth
is_exec_auth, message = kubernetes_utils.is_kubeconfig_exec_auth(
context)
if is_exec_auth:
assert isinstance(message, str), message
# Controllers cannot spin up new pods with exec auth.
unsupported_features[
clouds.CloudImplementationFeatures.HOST_CONTROLLERS] = message
# Pod does not have permissions to terminate itself with exec auth.
unsupported_features[
clouds.CloudImplementationFeatures.AUTO_TERMINATE] = message

# Allow spot instances if supported by the cluster
spot_label_key, _ = kubernetes_utils.get_spot_label(context)
if spot_label_key is not None:
16 changes: 12 additions & 4 deletions sky/provision/kubernetes/utils.py
Expand Up @@ -2249,10 +2249,18 @@ def set_autodown_annotations(handle: 'backends.CloudVmRayResourceHandle',
def get_context_from_config(provider_config: Dict[str, Any]) -> Optional[str]:
context = provider_config.get('context',
get_current_kube_config_context_name())
if context == kubernetes.in_cluster_context_name():
# If the context (also used as the region) is in-cluster, we need to
# we need to use in-cluster auth by setting the context to None.
context = None
remote_identities = skypilot_config.get_nested(
('kubernetes', 'remote_identity'), None)
local_credentials_value = schemas.RemoteIdentityOptions.LOCAL_CREDENTIALS.value # pylint: disable=line-too-long
use_local_credentials = (remote_identities is not None and
remote_identities == local_credentials_value)
if use_local_credentials:
return context
else:
if context == kubernetes.in_cluster_context_name():
# If the context (also used as the region) is in-cluster, we need to
# we need to use in-cluster auth by setting the context to None.
context = None
return context


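Review bot: With `remote_identity` set to LOCAL_CREDENTIALS, `get_context_from_config` now returns the context unchanged even when it equals `kubernetes.in_cluster_context_name()`, so callers that used to receive `None` (in-cluster auth) get the in-cluster name instead. Whether they can resolve that name against a kubeconfig is not visible in this hunk and should be confirmed or covered by a test. Because this branch decides which credentials are used (local kubeconfig versus in-cluster auth), the function deserves a docstring stating what each setting returns. The check reads more directly as `use_local_credentials = remote_identities == local_credentials_value` followed by `if not use_local_credentials and context == kubernetes.in_cluster_context_name(): context = None`, which drops the redundant `is not None` test and the `else` after `return`. The carried-over comment also repeats "we need to".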