kubeapps
kubeapps copied to clipboard
vmware-tanzu
Use an explicit token to identify kubeapps cluster when required.
Signed-off-by: Michael Nelson [email protected]
Description of the change
For discussion related to #4564 .
This PR aims to ensure that the context for an available package can always be resolved, even when there is no configured cluster name corresponding to the cluster on which Kubeapps is installed.
We need to test this as I suspect, if installing a package still requires fetching the AppRepository, that it would mean that the user credential must be valid to authenticate with the cluster on which Kubeapps is installed. The user doesn't need any RBAC, only the ability to authenticate, since Kubeapps already includes RBAC to ensure that global repositories are readable by any authenticated user.
Also, if pinniped-proxy is being used, it won't currently handle this scenario (where the new token is used for the cluster on which Kubeapps is installed), but that will be easy to update. I'll add that depending on the discussion here.
Benefits
Possible drawbacks
Applicable issues
- fixes #
Additional information
Deploy Preview for kubeapps-dev canceled.
Built without sensitive environment variables
| Name | Link |
|---|---|
| Latest commit | 64c43dfe247036c143cfb75ab81d4500fd9f893d |
| Latest deploy log | https://app.netlify.com/sites/kubeapps-dev/deploys/633ee545e21e5500082a563e |
![netlify[bot] avatar](https://avatars.githubusercontent.com/in/13473?v=4 "Published by a pub.dev verified publisher"){kind=small}
Once https://github.com/vmware-tanzu/kubeapps/pull/5566 was merged, can we close this one, @castelblanque ?
