From 9509072229ad2cc86f95c05325f8b82c43474937 Mon Sep 17 00:00:00 2001
From: leogargu <6627684+leogargu@users.noreply.github.com>
Date: Mon, 5 Feb 2024 12:44:34 +0000
Subject: [PATCH 1/3] [kubernetes] Use KUBECONFIG if set

---
 metaflow/plugins/kubernetes/kubernetes_client.py | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)

diff --git a/metaflow/plugins/kubernetes/kubernetes_client.py b/metaflow/plugins/kubernetes/kubernetes_client.py
index bca4bd48915..087a49116c3 100644
--- a/metaflow/plugins/kubernetes/kubernetes_client.py
+++ b/metaflow/plugins/kubernetes/kubernetes_client.py
@@ -4,8 +4,10 @@
 
 from metaflow.exception import MetaflowException
 
+from .kubernetes import KubernetesException
 from .kubernetes_job import KubernetesJob
 
+
 CLIENT_REFRESH_INTERVAL_SECONDS = 300
 
 
@@ -32,15 +34,19 @@ def __init__(self):
     def _refresh_client(self):
         from kubernetes import client, config
 
-        if os.getenv("KUBERNETES_SERVICE_HOST"):
-            # We are inside a pod, authenticate via ServiceAccount assigned to us
-            config.load_incluster_config()
-        else:
+        if os.getenv("KUBECONFIG"):
             # Use kubeconfig, likely $HOME/.kube/config
             # TODO (savin):
             #  1. Support generating kubeconfig on the fly using boto3
             #  2. Support auth via OIDC - https://docs.aws.amazon.com/eks/latest/userguide/authenticate-oidc-identity-provider.html
             config.load_kube_config()
+        elif os.getenv("KUBERNETES_SERVICE_HOST"):
+            # We are inside a pod, authenticate via ServiceAccount assigned to us
+            config.load_incluster_config()
+        else:
+            raise KubernetesException(
+                "Neither KUBECONFIG exists nor are we running inside a cluster."
+            )
         self._client = client
         self._client_refresh_timestamp = time.time()
 

From f9ffb10024d7b2dd7502bc103ca6824769667a0d Mon Sep 17 00:00:00 2001
From: leogargu <6627684+leogargu@users.noreply.github.com>
Date: Mon, 5 Feb 2024 18:57:22 +0000
Subject: [PATCH 2/3] [kubernetes] If neither KUBECONFIG nor
 KUBERNETES_SERVICE_HOST are set, default to loading kubeconfig to keep
 current behaviour

---
 metaflow/plugins/kubernetes/kubernetes_client.py | 13 +++++--------
 1 file changed, 5 insertions(+), 8 deletions(-)

diff --git a/metaflow/plugins/kubernetes/kubernetes_client.py b/metaflow/plugins/kubernetes/kubernetes_client.py
index 087a49116c3..7eb6a2c16d2 100644
--- a/metaflow/plugins/kubernetes/kubernetes_client.py
+++ b/metaflow/plugins/kubernetes/kubernetes_client.py
@@ -4,7 +4,6 @@
 
 from metaflow.exception import MetaflowException
 
-from .kubernetes import KubernetesException
 from .kubernetes_job import KubernetesJob
 
 
@@ -35,18 +34,16 @@ def _refresh_client(self):
         from kubernetes import client, config
 
         if os.getenv("KUBECONFIG"):
-            # Use kubeconfig, likely $HOME/.kube/config
-            # TODO (savin):
-            #  1. Support generating kubeconfig on the fly using boto3
-            #  2. Support auth via OIDC - https://docs.aws.amazon.com/eks/latest/userguide/authenticate-oidc-identity-provider.html
             config.load_kube_config()
         elif os.getenv("KUBERNETES_SERVICE_HOST"):
             # We are inside a pod, authenticate via ServiceAccount assigned to us
             config.load_incluster_config()
         else:
-            raise KubernetesException(
-                "Neither KUBECONFIG exists nor are we running inside a cluster."
-            )
+            # Default to using kubeconfig, likely $HOME/.kube/config
+            # TODO (savin):
+            #  1. Support generating kubeconfig on the fly using boto3
+            #  2. Support auth via OIDC - https://docs.aws.amazon.com/eks/latest/userguide/authenticate-oidc-identity-provider.html
+            config.load_kube_config()
         self._client = client
         self._client_refresh_timestamp = time.time()
 

From 997e4dacf087d1ee4127e0d27f8c600446d4f5d1 Mon Sep 17 00:00:00 2001
From: leogargu <6627684+leogargu@users.noreply.github.com>
Date: Mon, 5 Feb 2024 19:20:03 +0000
Subject: [PATCH 3/3] [kubernetes] Document use of KUBECONFIG environment
 variable

---
 metaflow/plugins/kubernetes/kubernetes_client.py | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/metaflow/plugins/kubernetes/kubernetes_client.py b/metaflow/plugins/kubernetes/kubernetes_client.py
index 7eb6a2c16d2..33023f36c11 100644
--- a/metaflow/plugins/kubernetes/kubernetes_client.py
+++ b/metaflow/plugins/kubernetes/kubernetes_client.py
@@ -34,6 +34,11 @@ def _refresh_client(self):
         from kubernetes import client, config
 
         if os.getenv("KUBECONFIG"):
+            # There are cases where we're running inside a pod, but can't use
+            # the kubernetes client for that pod's cluster: for example when
+            # running in Bitbucket Cloud or other CI system.
+            # In this scenario, the user can set a KUBECONFIG environment variable
+            # to load the kubeconfig, regardless of whether we're in a pod or not.
             config.load_kube_config()
         elif os.getenv("KUBERNETES_SERVICE_HOST"):
             # We are inside a pod, authenticate via ServiceAccount assigned to us