Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Script to generate kubeconfig secret and ClientConfig #89

Merged
merged 4 commits into from
Aug 23, 2021

Conversation

jsanda
Copy link
Contributor

@jsanda jsanda commented Aug 20, 2021

What this PR does:

  • Gets the service account token from the remote cluster
  • Gets the CA cert from the remote cluster
  • Creates a kubeconfig file using the token and CA cert
  • Create a secret that contains the kubeconfig
  • Create a ClientConfig that references the secret

Which issue(s) this PR fixes:
Fixes #83

Checklist

  • Changes manually tested
  • Automated Tests added/updated
  • Documentation added/updated
  • CHANGELOG.md updated (not required for documentation PRs)
  • CLA Signed: DataStax CLA

@jsanda jsanda requested a review from a team as a code owner August 20, 2021 15:34
echo
echo "Syntax: create-client-config.sh [options]"
echo "Options:"
echo "src-context The context for the source cluster that contains the service account. This or the src-kubeconfig option must be set."
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Very minor: for a prettier output you could align the start of each description text.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I tried a couple different approaches for formatting/wrapping the text into fixed width columns. Any suggestions on how best to do it?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm no specialist in these things but I added a suggestion in another comment below:

https://github.com/k8ssandra/k8ssandra-operator/pull/89/files#r693825451

# script fetches the k8ssandra-operator service account from the remote cluster and
# extracts the token and CA cert which are then added to a kubeconfig file. The script then
# creates a secret with the contents of the kubeconfig file. Lastly, the script creates a
# ClientObject that references the secret.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
# ClientObject that references the secret.
# ClientConfig object that references the secret.

mkdir -p $output_dir
fi

if [ ! -z "$namespace"]; then
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
if [ ! -z "$namespace"]; then
if [ ! -z "$namespace" ]; then

scripts/create-client-config.sh Show resolved Hide resolved
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

K8SSAND-799 ⁃ Add support for service account token authentication to remote clusters
2 participants