Kubeconfig exec authentication when connecting with --docker from a WSL #3606
Commits on Jun 3, 2024
-
Kubeconfig exec authentication when connecting with --docker from a WSL
Clusters like Amazon EKS often use a special authentication binary that is declared in the kubeconfig using an `exec` authentication strategy. This binary is normally not available inside a container. Consequently, a modified kubeconfig is used when `telepresence connect --docker` executes, appointing a `kubeauth` binary which instead retrieves the authentication from a port on the Docker host that communicates with another process outside of Docker. This process then executes the original `exec` command to retrieve the necessary credentials. This setup was problematic when using WSL, because even though `telepresence connect --docker` was executed on a Linux host, the Docker host available from `host.docker.internal` that the `kubeauth` connected to was the Windows host running Docker Desktop. The fix for this was to use the local IP of the default route instead of `host.docker.internal` when running under WSL. Signed-off-by: Thomas Hallgren <[email protected]>
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.