
WIP: Test secretless authentication on GKE

Open wallrj opened this issue 1 year ago • 0 comments

This modified script will create a GKE cluster and set up: venafi-enhanced-issuer, approver-policy-enterprise, and venafi-kubernetes-agent to authenticate to Venafi Control Plane using a Kubernetes ServiceAccount Token.

$ ./hack/e2e/test.sh
...
2024/08/23 16:35:02 Venafi Connection mode was specified, using Venafi Connection authentication.
2024/08/23 16:35:02 ignoring venafi-cloud.upload_path. In Venafi Connection mode, this field is not needed.
2024/08/23 16:35:02 ignoring venafi-cloud.uploader_id. In Venafi Connection mode, this field is not needed.
2024/08/23 16:35:02 Prometheus was enabled.
Running prometheus server on port :8081
2024/08/23 16:36:13 Posting data to: https://api.venafi.cloud/
2024/08/23 16:36:13 retrying in 20.592925933s after error: post to server failed: while loading the VenafiConnection venafi/venafi-components: VenafiConnection.jetstack.io "venafi-components" not found
2024/08/23 16:36:34 Posting data to: https://api.venafi.cloud/
2024/08/23 16:36:34 retrying in 55.382780171s after error: post to server failed: while loading the VenafiConnection venafi/venafi-components: VenafiConnection.jetstack.io "venafi-components" not found
2024/08/23 16:37:29 Posting data to: https://api.venafi.cloud/
2024/08/23 16:37:31 Data sent successfully.
$ kubectl get venaficonnection -n venafi -o yaml
...
  status:
    conditions:
    - lastTransitionTime: "2024-08-27T16:52:14Z"
      lastUpdateTime: "2024-08-28T16:28:22Z"
      message: d97b3a02ea4dbd895aa730df409d9a15011aab855d710d59822e852cb84fae64
      observedGeneration: 3
      reason: Generated a token
      status: "True"
      tokenValidUntil: "2024-08-28T16:43:22Z"
      type: VenafiKubernetesAgentReady
    - lastTransitionTime: "2024-08-28T11:14:55Z"
      lastUpdateTime: "2024-08-28T16:41:11Z"
      message: 9822840ae10e13e9a0a7f6a0d74c8e70a201892a0e1aef8268f4e9527945eb2e
      observedGeneration: 3
      reason: Generated a token
      status: "True"
      tokenValidUntil: "2024-08-28T16:56:11Z"
      type: VenafiEnhancedIssuerReady
    - lastTransitionTime: "2024-08-28T14:36:22Z"
      lastUpdateTime: "2024-08-28T16:27:34Z"
      message: 51f7b1e16e7a5ac9255d019e1cf50857ebe04f2eb78892d45e1cdc96e01aa87c
      observedGeneration: 3
      reason: Generated a token
      status: "True"
      tokenValidUntil: "2024-08-28T16:42:34Z"
      type: ApproverPolicyVenafiReady

Here are the corresponding events from the Venafi Control Plane event log: (image)

Ref: VC-35374

wallrj, Aug 23 '24 11:08
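In the status output above, each component's token expires 15 minutes after its `lastUpdateTime`. The following Python check is an added example, not part of the original issue or the project's code: it audits those conditions for a missing component, a failed token exchange, an expired token, or an unexpectedly long lifetime. The function names, the 30-minute ceiling and the reading of `lastUpdateTime` as the issue time are assumptions of this example.

```python
from datetime import datetime, timedelta, timezone

# Condition types copied from the status output in the issue.
EXPECTED = {"VenafiKubernetesAgentReady", "VenafiEnhancedIssuerReady",
            "ApproverPolicyVenafiReady"}
# Assumed policy ceiling for this example, not a documented product limit.
MAX_LIFETIME = timedelta(minutes=30)
# Constructed sample: the three conditions from the issue, trimmed to the fields used here.
SAMPLE = [
    {"type": "VenafiKubernetesAgentReady", "status": "True", "reason": "Generated a token",
     "lastUpdateTime": "2024-08-28T16:28:22Z", "tokenValidUntil": "2024-08-28T16:43:22Z"},
    {"type": "VenafiEnhancedIssuerReady", "status": "True", "reason": "Generated a token",
     "lastUpdateTime": "2024-08-28T16:41:11Z", "tokenValidUntil": "2024-08-28T16:56:11Z"},
    {"type": "ApproverPolicyVenafiReady", "status": "True", "reason": "Generated a token",
     "lastUpdateTime": "2024-08-28T14:36:22Z".replace("14:36:22", "16:27:34"),
     "tokenValidUntil": "2024-08-28T16:42:34Z"},
]

def parse_ts(value):
    """Parse the UTC timestamps kubectl prints, e.g. 2024-08-28T16:43:22Z."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def audit_conditions(conditions, now):
    """Return findings; an empty list means every expected component holds a live token."""
    findings, seen = [], set()
    for c in conditions:
        ctype = c.get("type", "<missing type>")
        seen.add(ctype)
        if c.get("status") != "True":
            findings.append(f"{ctype}: status {c.get('status')!r} ({c.get('reason')})")
            continue
        try:
            # Assumption: lastUpdateTime marks when the current token was generated.
            issued = parse_ts(c["lastUpdateTime"])
            expires = parse_ts(c["tokenValidUntil"])
        except (KeyError, ValueError) as exc:
            findings.append(f"{ctype}: unusable timestamps ({exc})")
            continue
        if expires <= now:
            findings.append(f"{ctype}: token expired at {expires.isoformat()}")
        if expires - issued > MAX_LIFETIME:
            findings.append(f"{ctype}: lifetime {expires - issued} exceeds {MAX_LIFETIME}")
    findings.extend(f"{t}: no condition reported" for t in sorted(EXPECTED - seen))
    return findings

if __name__ == "__main__":
    # Live input: .items[].status.conditions from `kubectl get venaficonnection -n venafi -o json`.
    for line in audit_conditions(SAMPLE, datetime.now(timezone.utc)) or ["all tokens live"]:
        print(line)
```

Run against the sample with the current clock, every token is reported as expired, which is expected for output captured in 2024.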