fix: remove kubeconfig (#3802)

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

Co-authored-by: Sambhav Kothari <sambhavs.email@gmail.com>

cmd/initContainer/main.go

@@ -26,13 +26,13 @@ import (
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/labels"
 	"k8s.io/client-go/kubernetes"
+	"k8s.io/client-go/rest"
 	"k8s.io/klog/v2"
 	"k8s.io/klog/v2/klogr"
 	"sigs.k8s.io/controller-runtime/pkg/log"
 )
 
 var (
-	kubeconfig           string
 	setupLog             = log.Log.WithName("setup")
 	clientRateLimitQPS   float64
 	clientRateLimitBurst int
@@ -72,10 +72,13 @@ func main() {
 	// os signal handler
 	stopCh := signal.SetupSignalHandler()
 	// create client config
-	kubeconfig = ""
-	clientConfig, err := config.CreateClientConfig(kubeconfig, clientRateLimitQPS, clientRateLimitBurst)
+	clientConfig, err := rest.InClusterConfig()
 	if err != nil {
-		setupLog.Error(err, "Failed to build kubeconfig")
+		setupLog.Error(err, "Failed to create clientConfig")
+		os.Exit(1)
+	}
+	if err := config.ConfigureClientConfig(clientConfig, clientRateLimitQPS, clientRateLimitBurst); err != nil {
+		setupLog.Error(err, "Failed to create clientConfig")
 		os.Exit(1)
 	}
 

cmd/kyverno/main.go

@@ -41,6 +41,7 @@ import (
 	"github.com/prometheus/client_golang/prometheus/promhttp"
 	kubeinformers "k8s.io/client-go/informers"
 	"k8s.io/client-go/kubernetes"
+	"k8s.io/client-go/rest"
 	"k8s.io/klog/v2"
 	"k8s.io/klog/v2/klogr"
 	"sigs.k8s.io/controller-runtime/pkg/log"
@@ -51,7 +52,6 @@ const resyncPeriod = 15 * time.Minute
 var (
 	//TODO: this has been added to backward support command line arguments
 	// will be removed in future and the configuration will be set only via configmaps
-	kubeconfig                   string
 	serverIP                     string
 	profilePort                  string
 	metricsPort                  string
@@ -97,13 +97,16 @@ func main() {
 
 	cleanUp := make(chan struct{})
 	stopCh := signal.SetupSignalHandler()
-	kubeconfig = ""
 	debug := serverIP != ""
 
 	// clients
-	clientConfig, err := config.CreateClientConfig(kubeconfig, clientRateLimitQPS, clientRateLimitBurst)
+	clientConfig, err := rest.InClusterConfig()
 	if err != nil {
-		setupLog.Error(err, "Failed to build kubeconfig")
+		setupLog.Error(err, "Failed to create clientConfig")
+		os.Exit(1)
+	}
+	if err := config.ConfigureClientConfig(clientConfig, clientRateLimitQPS, clientRateLimitBurst); err != nil {
+		setupLog.Error(err, "Failed to create clientConfig")
 		os.Exit(1)
 	}
 	kyvernoClient, err := kyvernoclient.NewForConfig(clientConfig)

pkg/config/client.go

@@ -5,29 +5,14 @@ import (
 	"math"
 
 	rest "k8s.io/client-go/rest"
-	clientcmd "k8s.io/client-go/tools/clientcmd"
 )
 
-// CreateClientConfig creates client config and applies rate limit QPS and burst
-func CreateClientConfig(kubeconfig string, qps float64, burst int) (*rest.Config, error) {
-	clientConfig, err := createClientConfig(kubeconfig)
-	if err != nil {
-		return nil, err
-	}
+// ConfigureClientConfig creates client config and applies rate limit QPS and burst
+func ConfigureClientConfig(clientConfig *rest.Config, qps float64, burst int) error {
 	if qps > math.MaxFloat32 {
-		return nil, fmt.Errorf("client rate limit QPS must not be higher than %e", math.MaxFloat32)
+		return fmt.Errorf("client rate limit QPS must not be higher than %e", math.MaxFloat32)
 	}
 	clientConfig.Burst = burst
 	clientConfig.QPS = float32(qps)
-	return clientConfig, nil
-}
-
-// createClientConfig creates client config
-func createClientConfig(kubeconfig string) (*rest.Config, error) {
-	if kubeconfig == "" {
-		logger.Info("Using in-cluster configuration")
-		return rest.InClusterConfig()
-	}
-	logger.V(4).Info("Using specified kubeconfig", "kubeconfig", kubeconfig)
-	return clientcmd.BuildConfigFromFlags("", kubeconfig)
+	return nil
 }

pkg/config/config_test.go

@@ -2,21 +2,17 @@ package config_test
 
 import (
 	"math"
-	"os"
 	"testing"
 
 	"gotest.tools/assert"
-	"k8s.io/apimachinery/pkg/runtime"
-	clientcmdapi "k8s.io/client-go/tools/clientcmd/api"
-	clientcmdlatest "k8s.io/client-go/tools/clientcmd/api/latest"
+	"k8s.io/client-go/rest"
 
 	"github.com/kyverno/kyverno/pkg/config"
 )
 
 func Test_CreateClientConfig_WithKubeConfig(t *testing.T) {
-	cf := createMinimalKubeconfig(t)
-	defer os.Remove(cf)
-	_, err := config.CreateClientConfig(cf, 0, 0)
+	c := &rest.Config{}
+	err := config.ConfigureClientConfig(c, 0, 0)
 	assert.NilError(t, err)
 }
 
@@ -25,10 +21,8 @@ func Test_CreateClientConfig_SetBurstQPS(t *testing.T) {
 		qps   = 55
 		burst = 99
 	)
-
-	cf := createMinimalKubeconfig(t)
-	defer os.Remove(cf)
-	c, err := config.CreateClientConfig(cf, qps, burst)
+	c := &rest.Config{}
+	err := config.ConfigureClientConfig(c, qps, burst)
 	assert.NilError(t, err)
 	assert.Equal(t, float32(qps), c.QPS)
 	assert.Equal(t, burst, c.Burst)
@@ -36,36 +30,7 @@ func Test_CreateClientConfig_SetBurstQPS(t *testing.T) {
 
 func Test_CreateClientConfig_LimitQPStoFloat32(t *testing.T) {
 	qps := float64(math.MaxFloat32) * 2
-
-	cf := createMinimalKubeconfig(t)
-	defer os.Remove(cf)
-	_, err := config.CreateClientConfig(cf, qps, 0)
+	c := &rest.Config{}
+	err := config.ConfigureClientConfig(c, qps, 0)
 	assert.ErrorContains(t, err, "QPS")
 }
-
-func createMinimalKubeconfig(t *testing.T) string {
-	t.Helper()
-
-	minimalConfig := clientcmdapi.Config{
-		Clusters: map[string]*clientcmdapi.Cluster{
-			"test": {Server: "http://localhost:7777"},
-		},
-		AuthInfos: map[string]*clientcmdapi.AuthInfo{
-			"test": {},
-		},
-		Contexts: map[string]*clientcmdapi.Context{
-			"test": {AuthInfo: "test", Cluster: "test"},
-		},
-		CurrentContext: "test",
-	}
-
-	f, err := os.CreateTemp("", "")
-	assert.NilError(t, err)
-	enc, err := runtime.Encode(clientcmdlatest.Codec, &minimalConfig)
-	assert.NilError(t, err)
-	_, err = f.Write(enc)
-	assert.NilError(t, err)
-	assert.NilError(t, f.Close())
-
-	return f.Name()
-}