-
Notifications
You must be signed in to change notification settings - Fork 86
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add authentication method for Gardener Shoot Clusters #244
Comments
@Avarei I've been looking to solve the same thing. Is maintaining this in a fork what you went for in the end or did you choose a different path? |
@j2L4e sadly I had to prioritize other tasks above managing gardener from crossplane. I hope to get back to it early next year but for the moment I don't have the capacity. Back then I was not really sure how actively I should push for this change, since it uses the providerConfig fields in quite an unusual/different way. I also thought of an alternative approach that might be a good substitute. |
Frankly, having provider-kubernetes depend on gardener/gardener for this rather specific use-case, doesn't feel quite right. Edit: Got it working using provider-http, token auth instead of certs and insecureSkipTLSVerify. Which is good enough for a POC. Thanks for the hint, @Avarei. |
What problem are you facing?
I would like to manage freshly created Gardener Shoot Clusters in this provider. While Most Cluster Management Tools give a AdminKubeConfig, which can be used for setting up permissions for other users and groups - Gardener uses short lived AdminKubeConfigs that are made by creating a subresource on the Shoot Object in the “Seed” cluster.
How could Crossplane help solve your problem?
The Provider could use a Seed KubeConfig to dynamically request and cache the kubeconfig for a referenced shoot cluster.
I would love to implement and contribute this feature if you are open to it.
The text was updated successfully, but these errors were encountered: