-
Notifications
You must be signed in to change notification settings - Fork 20
Support exec
authentication plugin
#5
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Comments
Hey 👋 sorry for the delayed reply. I was trying to enjoy the last couple of days in my short vacation 😬 Yes, I've thought about this and it's currently not on the "near" roadmap, because I want to focus on the whole API part first, then proper CRD support second. IMHO, supporting the Having said that, we could however provide an abstraction for the |
Hey, yes, makes sense. The only problem with the external approach is, that if the token expires, you have to recreate the whole client instance and make sure that only this new instance is used in the app. But I totally get that this is not high priority at the moment and would also be fine with closing the issue for now. |
Token expiry could be handled by a callback through the plugin abstraction API, i.e. the external implementation should be able to create a new authentication and also refresh it when the client reports an auth error. This would however mean, that the client config should become mutable. |
k8s.io/client-go
and tools using it such askubectl
andkubelet
are able to execute an external command to receive user credentials. Have you thought about supporting this feature for this client implementation as well? For example, for AWS managed EKS clusters, you need to callaws eks get-token
to obtain an (expiring) k8s bearer token to access the cluster from your development machine. For now this can be done before creating a client instance and the use the result as thebearer token
.The text was updated successfully, but these errors were encountered: