pharos-cluster icon indicating copy to clipboard operation
pharos-cluster copied to clipboard

Published 20 hours ago verified publisher icon kontena

Create admin kubeconfig using SA token

Open jakolehm opened this issue 5 years ago • 2 comments

What would you like to be added:

Admin kubeconfig should use SA token instead of client cert auth.

Why is this needed:

SA token does not expire and it can be easily revoked via kube api if needed. Cert auth does expire and revoke is not possible.

jakolehm avatar Aug 13 '19 07:08 jakolehm

How about generating a short lived bootstrap token for each run?

kke avatar Aug 13 '19 07:08 kke

How about generating a short lived bootstrap token for each run?

With admin kubeconfig I mean the config that pharos kubeconfig fetches (which is stored in master at ~/.kube/config).

jakolehm avatar Aug 13 '19 08:08 jakolehm