Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Create admin kubeconfig using SA token #1454

Open
jakolehm opened this issue Aug 13, 2019 · 2 comments · May be fixed by #1458
Open

Create admin kubeconfig using SA token #1454

jakolehm opened this issue Aug 13, 2019 · 2 comments · May be fixed by #1458
Assignees
@kke
Labels
enhancement New feature or request
Milestone
2.5.0

Comments

@jakolehm
Copy link
Contributor

What would you like to be added:

Admin kubeconfig should use SA token instead of client cert auth.

Why is this needed:

SA token does not expire and it can be easily revoked via kube api if needed. Cert auth does expire and revoke is not possible.
@jakolehm jakolehm added the enhancement New feature or request label Aug 13, 2019
@jakolehm jakolehm added this to the 2.5.0 milestone Aug 13, 2019
@kke
Copy link
Contributor

kke commented Aug 13, 2019

How about generating a short lived bootstrap token for each run?

@jakolehm
Copy link
Contributor Author

How about generating a short lived bootstrap token for each run?

With admin kubeconfig I mean the config that pharos kubeconfig fetches (which is stored in master at ~/.kube/config).

@kke kke linked a pull request Aug 13, 2019 that will close this issue
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@kke kke

Labels
enhancement New feature or request
Projects
None yet
Milestone
2.5.0
Development

Successfully merging a pull request may close this issue.

Create a service account and token for use in ~/.kube/config kontena/pharos-cluster
2 participants
@kke @jakolehm