GetClusterConfig API failing for Private ROKS clusters

[vinayakshnd]

In order to fetch kubeconfig for private ROKS cluster v4.13.15_1543 using below API

bluemix-go/api/container/containerv1/clusters.go

Line 398 in 5c31bb9

func (r *clusters) GetClusterConfig(name, dir string, admin bool, target ClusterTargetHeader) (string, error) {

I am seeing below error:

Panic error runtime error: slice bounds out of range [8:0]goroutine 1 [running]:
runtime/debug.Stack()
        /usr/local/go/src/runtime/debug/stack.go:24 +0x65
runtime/debug.PrintStack()
        /usr/local/go/src/runtime/debug/stack.go:16 +0x19
github.com/IBM-Cloud/bluemix-go/api/container/containerv1.PanicCatch({0x7557c0?, 0xc0001e2300?})
        /root/go/pkg/mod/github.com/!i!b!m-!cloud/[email protected]/api/container/containerv1/openshift.go:88 +0x1ac
github.com/IBM-Cloud/bluemix-go/api/container/containerv1.(*clusters).FetchOCTokenForKubeConfig.func1()
        /root/go/pkg/mod/github.com/!i!b!m-!cloud/[email protected]/api/container/containerv1/openshift.go:109 +0x30
panic({0x7557c0, 0xc0001e2300})
        /usr/local/go/src/runtime/panic.go:884 +0x212
github.com/IBM-Cloud/bluemix-go/api/container/containerv1.(*clusters).FetchOCTokenForKubeConfig(0xc0001ba080, {0xc00013e000, 0x215, 0x216}, 0xc00037b138, 0x0)
        /root/go/pkg/mod/github.com/!i!b!m-!cloud/[email protected]/api/container/containerv1/openshift.go:157 +0xf5b
github.com/IBM-Cloud/bluemix-go/api/container/containerv1.(*clusters).GetClusterConfig(0xc0001ba080, {0x7ffff54012c1, 0xd}, {0x7ffff54012d5, 0x8}, 0x1, {{0x0, 0x0}, {0x0, 0x0}, ...})
        /root/go/pkg/mod/github.com/!i!b!m-!cloud/[email protected]/api/container/containerv1/clusters.go:469 +0xc98
main.main()
        /root/go/src/github.com/vinayakshnd/ibm/ibm-kubeconfig.go:144 +0x9ea
2023/11/07 10:04:32 Could not login to openshift account runtime error: slice bounds out of range [8:0]
exit status 1

*Notes: *

1. My code is using fairly recent version of the SDK i.e. [email protected]
2. This issue is only seen for ROKS private clusters and not for ROKS public clusters (clusters with both private and public endpoints)
3. Running this API from machine which has access to private ROKS cluster (deployed in same subnet) also faces this same issue.

[hkantare]

@mihivagyok Can you comment on this

[mihivagyok]

Hi @vinayakshnd !

What is the value of the cMeta *ClusterInfo in your case?
But maybe you cannot do that.

So can you try the example code?
https://github.com/IBM-Cloud/bluemix-go/tree/5c31bb9104f76d6bb96ab6667a521c98f8873d31/examples/container/download_config

I believe you cannot get some clusterData and that's why some parameters are empty in your case.

Thanks!
Adam

[mihivagyok]

Or please use the GetClusterConfigDetail function instead. I think that is the proper function. Thanks!

[mihivagyok]

@vinayakshnd

So the code you are using is not updated in past years.
Also, the ROKS 4.13 has changed: it uses VPE Gateway as MasterURL, so the code tries to connect to that.
Unfortunately, the code does not check for error, and that's why it is panic. But the main problem is the access problem: you cannot access the VPE Gateway from your client.
https://cloud.ibm.com/docs/openshift?topic=openshift-cs_versions_413#413_before

My advise is to use the containersv2/GetClusterConfigDetail function and set the endpoint parameter to private. That will solve the issue for you.

I can add some error handling, but it won't solve your issue.

Thanks!
Adam

[mihivagyok]

#409

With this, you would get something like this:

2023/11/07 18:12:38 Get "https://ckk2620l0jks2kmn46bg.vpe.private.eu-gb.containers.cloud.ibm.com:30766/.well-known/oauth-authorization-server": dial tcp: lookup ckk2620l0jks2kmn46bg.vpe.private.eu-gb.containers.cloud.ibm.com: no such host
exit status 1

More detail on endpoint parameter:
https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/data-sources/container_cluster_config

Thanks!

[mihivagyok]

@vinayakshnd
Hi! Do you have any update? Does my proposed change work for you?

Thanks,
Adam