Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add "auth-extra-groups" field to bootstrap token #442

Merged
merged 1 commit into from
Apr 6, 2020
Merged

Add "auth-extra-groups" field to bootstrap token #442

merged 1 commit into from
Apr 6, 2020

Conversation

zuzzas
Copy link
Contributor

@zuzzas zuzzas commented Apr 1, 2020

What this PR does / why we need it:

I'd like to access Kubernetes objects in some way or another using the bootstrap token. It's possible to do just that by providing the auth-extra-groups field (this PR) and creating a Role/RoleBinding.

Special notes for your reviewer:

The format of the configuration is open to discussion. Perhaps, it would be better to move this to a per-MachineClass Secret?

Release note:

Provide a way to specify "auth-extra-groups" field in created bootstrap tokens.

@zuzzas
Add "auth-extra-groups" field to bootstrap token
ee2bbc1 
Signed-off-by: Andrey Klimentyev <andrey.klimentyev@flant.com>
@zuzzas zuzzas requested review from ggaurav10 and a team as code owners April 1, 2020 19:18
@hardikdr hardikdr added the reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) label Apr 4, 2020
@gardener-robot-ci-3 gardener-robot-ci-3 added needs/ok-to-test Needs approval for testing (check PR in detail before setting this label because PR is run on CI/CD) and removed reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) labels Apr 4, 2020
@hardikdr
Copy link
Member

hardikdr commented Apr 4, 2020

I am generally fine either way. Setting it per machine-class secret could be useful to differentiate the auth-groups per machine-classes as well.
I'd leave it to you to decide the approach :)

@zuzzas
Copy link
Contributor Author

zuzzas commented Apr 5, 2020

I'd like to leave as it is. It serves us perfectly since we are using MCM without Gardener (for now). If a need arises, it can easily be refactored.

@hardikdr hardikdr added the reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) label Apr 6, 2020
@gardener-robot-ci-1 gardener-robot-ci-1 removed the reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) label Apr 6, 2020
@hardikdr hardikdr merged commit 740d4d6 into gardener:master Apr 6, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@hardikdr hardikdr hardikdr approved these changes

@ggaurav10 ggaurav10 Awaiting requested review from ggaurav10

Assignees
No one assigned
Labels
needs/ok-to-test Needs approval for testing (check PR in detail before setting this label because PR is run on CI/CD)
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@zuzzas @hardikdr @gardener-robot-ci-1 @gardener-robot-ci-3