Skip to content

kubex.configuration

Auto-generated reference for the kubex.configuration module.

ClientConfiguration model

kubex.configuration.configuration

AuthInfo

Bases: BaseK8sModel

AuthInfo contains information that describes identity information. This is use to tell the kubernetes cluster who you are.

as_ class-attribute instance-attribute 

as_: str | None = Field(None, alias='as')

Impersonate is the username to impersonate. The name matches the flag.

as_groups class-attribute instance-attribute 

as_groups: list[str] | None = Field(None, alias="as-groups")

ImpersonateGroups is the groups to impersonate.

as_uid class-attribute instance-attribute 

as_uid: str | None = Field(None, alias='as-uid')

ImpersonateUID is the uid to impersonate.

as_user_extra class-attribute instance-attribute 

as_user_extra: dict[str, str] | None = Field(
    None, alias="as-user-extra"
)

ImpersonateUserExtra contains additional information for impersonated user.

auth_provider class-attribute instance-attribute 

auth_provider: AuthProviderConfig | None = Field(
    None, alias="auth-provider"
)

AuthProvider specifies a custom authentication plugin for the kubernetes cluster.

client_certificate class-attribute instance-attribute 

client_certificate: FilePath | None = Field(
    None, alias="client-certificate"
)

ClientCertificate is the path to a client cert file for TLS.

client_certificate_data class-attribute instance-attribute 

client_certificate_data: str | None = Field(
    None, alias="client-certificate-data"
)

ClientCertificateData contains PEM-encoded data from a client cert file for TLS. Overrides ClientCertificate.

client_key class-attribute instance-attribute 

client_key: FilePath | None = Field(
    None, alias="client-key"
)

ClientKey is the path to a client key file for TLS.

client_key_data class-attribute instance-attribute 

client_key_data: str | None = Field(
    None, alias="client-key-data"
)

ClientKeyData contains PEM-encoded data from a client key file for TLS. Overrides ClientKey.

token class-attribute instance-attribute 

token: str | None = None

Token is the bearer token for authentication to the kubernetes cluster.

token_file class-attribute instance-attribute 

token_file: FilePath | None = Field(None, alias="tokenFile")

TokenFile is the path to a file containing the bearer token for authentication to the kubernetes cluster.

AuthProviderConfig

Bases: BaseK8sModel

AuthProviderConfig holds the configuration for a custom authentication plugin.

config instance-attribute 

config: OIDCConfig | dict[str, str]

Config holds the auth provider configuration data.

name instance-attribute 

name: str

Name is the name of the auth provider.

Cluster

Bases: BaseK8sModel

Cluster contains information about how to communicate with a kubernetes cluster.

certificate_authority class-attribute instance-attribute 

certificate_authority: FilePath | None = Field(
    None, alias="certificate-authority"
)

CertificateAuthority is the path to a cert file for the certificate authority.

certificate_authority_data class-attribute instance-attribute 

certificate_authority_data: str | None = Field(
    None, alias="certificate-authority-data"
)

CertificateAuthorityData contains PEM-encoded certificate authority certificates. Overrides CertificateAuthority.

disable_compression class-attribute instance-attribute 

disable_compression: bool = Field(
    False, alias="disable-compression"
)

DisableCompression allows client to opt-out of response compression for all requests to the server. This is useful to speed up requests (specifically lists) when client-server network bandwidth is ample, by saving time on compression (server-side) and decompression (client-side): https://github.com/kubernetes/kubernetes/issues/112296.

extensions class-attribute instance-attribute 

extensions: list[NamedExtension] | None = None

Extensions holds additional information. This is useful for extenders so that reads and writes don't clobber unknown fields.

insecure_skip_tls_verify class-attribute instance-attribute 

insecure_skip_tls_verify: bool = Field(
    False, alias="insecure-skip-tls-verify"
)

InsecureSkipTLSVerify skips the validity check for the server's certificate. This will make your HTTPS connections insecure.

proxy_url class-attribute instance-attribute 

proxy_url: str | None = Field(None, alias='proxy-url')

ProxyURL is the URL to the proxy to be used for all requests made by this client. URLs with "http", "https", and "socks5" schemes are supported. If this configuration is not provided or the empty string, the client attempts to construct a proxy configuration from http_proxy and https_proxy environment variables. If these environment variables are not set, the client does not attempt to proxy requests. socks5 proxying does not currently support spdy streaming endpoints (exec, attach, port forward).

server instance-attribute 

server: HttpUrl

Server is the address of the kubernetes cluster (https://hostname:port).

tls_server_name class-attribute instance-attribute 

tls_server_name: str | None = Field(
    None, alias="tls-server-name"
)

TLSServerName is used to check server certificate. If TLSServerName is empty, the hostname used to contact the server is used.

Context

Bases: BaseK8sModel

Context holds user values, cluster values, and extension values.

cluster instance-attribute 

cluster: str

Cluster is the name of the cluster for this context.

extensions class-attribute instance-attribute 

extensions: list[NamedExtension] | None = None

Extensions holds additional information. This is useful for extenders so that reads and writes don't clobber unknown fields.

namespace class-attribute instance-attribute 

namespace: str | None = None

Namespace is the default namespace to use on unspecified requests.

user instance-attribute 

user: str

User is the name of the user for this context.

ExecConfig

Bases: BaseK8sModel

ExecConfig specifies a command to provide client credentials.

api_version class-attribute instance-attribute 

api_version: (
    Literal[
        "client.authentication.k8s.io/v1beta1",
        "client.authentication.k8s.io/v1",
    ]
    | None
) = Field(None, alias="apiVersion")

APIVersion is the version of the API.

args class-attribute instance-attribute 

args: list[str] | None = None

Args to pass to the command when executing it.

command instance-attribute 

command: str

Command to execute.

env class-attribute instance-attribute 

env: list[dict[str, str]] | None = None

Env defines the environment variables to pass to the command.

ExecInteractiveMode

Bases: str, Enum

ExecInteractiveMode define the interactity of the child process

ALWAYS class-attribute instance-attribute 

ALWAYS = 'Always'

Always get interactive

IF_AVAILABLE class-attribute instance-attribute 

IF_AVAILABLE = 'IfAvailable'

Get interactive if available

NEVER class-attribute instance-attribute 

NEVER = 'Never'

Never get interactive

KubeConfig

Bases: BaseK8sModel

Config holds the information needed to build connect to remote kubernetes clusters as a given user.

clusters class-attribute instance-attribute 

clusters: list[NamedClaster] = Field(default_factory=list)

Clusters is a map of referencable names to cluster configs.

contexts class-attribute instance-attribute 

contexts: list[NamedContext] = Field(default_factory=list)

Contexts is a map of referencable names to context configs.

current_context class-attribute instance-attribute 

current_context: str | None = Field(
    None, alias="current-context"
)

CurrentContext is the name of the context that you would like to use by default.

users class-attribute instance-attribute 

users: list[NamedAuthInfo] = Field(default_factory=list)

AuthInfos is a map of referencable names to user configs.

NamedAuthInfo

Bases: BaseK8sModel

NamedAuthInfo holds an AuthInfo with name.

auth_info class-attribute instance-attribute 

auth_info: AuthInfo = Field(alias='user')

AuthInfo holds the auth info.

name instance-attribute 

name: str

Name is the name of the auth

NamedClaster

Bases: BaseK8sModel

NamedCluster holds a cluster with name.

cluster instance-attribute 

cluster: Cluster

Cluster holds the cluster information.

name instance-attribute 

name: str

Name is the name of the cluster.

NamedContext

Bases: BaseK8sModel

NamedContext holds a context with name.

context instance-attribute 

context: Context

Context holds the context information.

name instance-attribute 

name: str

Name is the name of the context.

NamedExtension

Bases: BaseK8sModel

NamedExtension holds an extension with name.

extension instance-attribute 

extension: Any

Extension holds the extension information.

name instance-attribute 

name: str

Name is the name of the extension.

OIDCConfig

Bases: BaseK8sModel

client_id class-attribute instance-attribute 

client_id: SecretStr = Field(alias='client-id')

ClientID is the client ID for the OpenID Connect client, as described in https://tools.ietf.org/html/rfc6749#section-2.2.

client_secret class-attribute instance-attribute 

client_secret: SecretStr = Field(alias='client-secret')

ClientSecret is the client secret for the OpenID Connect client, as described in https://tools.ietf.org/html/rfc6749#section-2.3.

idp_issuer_url class-attribute instance-attribute 

idp_issuer_url: str = Field(alias='idp-issuer-url')

IDPIssuerURL is the URL of the OpenID issuer, only HTTPS scheme will be accepted.

refresh_token class-attribute instance-attribute 

refresh_token: SecretStr = Field(alias='refresh-token')

RefreshToken is the refresh token for the OpenID Connect client, as described in https://tools.ietf.org/html/rfc6749#section-6.

RawExtension

Bases: BaseK8sModel

RawExtension is used to hold extensions in external versions

object_ class-attribute instance-attribute 

object_: dict[str, Any] | None = Field(None, alias="object")

Object can hold a representation of this extension - useful for working with versioned structs.

raw class-attribute instance-attribute 

raw: bytes | None = None

Raw is the underlying serialization of this object.

Kubeconfig file loading

kubex.configuration.file_config

configure_from_kubeconfig async 

configure_from_kubeconfig(
    config: KubeConfig | None = None,
    use_context: str | None = None,
) -> ClientConfiguration

Creates a ClientConfiguration from a KubeConfig.

Source code in kubex/configuration/file_config.py 
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
async def configure_from_kubeconfig(
    config: KubeConfig | None = None, use_context: str | None = None
) -> ClientConfiguration:
    """Creates a ClientConfiguration from a KubeConfig."""
    if config is None:
        config = _load_kube_config()
    current_context = use_context or config.current_context
    if not current_context:
        raise ValueError("No current context in kubeconfig")
    context = next(
        (c.context for c in config.contexts if c.name == current_context),
        None,
    )
    if not context:
        raise ValueError(f"Context {current_context} not found in kubeconfig")
    cluster = next(
        (c.cluster for c in config.clusters if c.name == context.cluster),
        None,
    )
    if not cluster:
        raise ValueError(f"Cluster {context.cluster} not found in kubeconfig")
    user = next(
        (u.auth_info for u in config.users if u.name == context.user),
        None,
    )
    if not user:
        raise ValueError(f"User {context.user} not found in kubeconfig")
    ca_file = cluster.certificate_authority
    if ca_file is None and cluster.certificate_authority_data is not None:
        ca_file = _decode_and_put_to_file(cluster.certificate_authority_data)
    client_cert_file = user.client_certificate
    if client_cert_file is None and user.client_certificate_data is not None:
        client_cert_file = _decode_and_put_to_file(user.client_certificate_data)
    client_key_file = user.client_key
    if client_key_file is None and user.client_key_data is not None:
        client_key_file = _decode_and_put_to_file(user.client_key_data)
    return ClientConfiguration(
        url=str(cluster.server),
        server_ca_file=ca_file,
        client_cert_file=client_cert_file,
        client_key_file=client_key_file,
    )

In-cluster configuration

kubex.configuration.incluster_config

Exec provider authentication

kubex.configuration.auth.exec

OIDC authentication

kubex.configuration.auth.oidc

Refreshable token

kubex.configuration.auth.refreshable_token