terratest icon indicating copy to clipboard operation
terratest copied to clipboard

Published 20 hours ago verified publisher icon gruntwork-io

Extend auth options for k8s helpers / KubectlOptions

Open kirecek opened this issue 4 years ago • 1 comments

Hello,

AFAIK, currently, KubectlOptions configuration supports support only auth by using kubeconfig file, right?

I wonder if it would make sense to add also option to support auth without using kubeconfig file and use endpoint, token, cert data directly.

I am using terraform+kubernetes and I would like to get rid of kubeconfig file generators for providers defined like this:

provider "kubernetes" {
  load_config_file          = false
  host                            = "https://${google_container_cluster.cluster.endpoint}"
  cluster_ca_certificate = base64decode(google_container_cluster.cluster.master_auth.0.cluster_ca_certificate)
  token                          = data.google_client_config.current.access_token
}

Or auth creds pulled from remote state etc..

No idea what is the recommended approach here tbh.

WDYT?

kirecek avatar Dec 21 '20 20:12 kirecek

This seems reasonable. I think one approach we can take is to use a similar function we defined in kubergrunt to manage the auth flow, although I am not 100% sure what the best way to wrap the kubergrunt API in terratest would be such that it is backwards compatible but also DRY (given that the structs are different).

yorinasub17 avatar Jan 04 '21 19:01 yorinasub17

This is definitely something that would be very handy, currently having to make a call to aws eks update-kubeconfig which relies on having the CLI installed on our CI which isn't ideal.

I am happy to have a stab at this but not sure it would it be the best.

charlierm avatar Sep 08 '23 11:09 charlierm