As a programmatic Gardener consumer, I want a technical user so that I can manage my clusters (create or delete them) without using the dashboard.
Motivation
Our current IdP SAML-based authentication solution works only from the dashboard. There are limitations to expand that to technical users and programmatic access.
Acceptance Criteria
In the members area of the Gardener dashboard we should offer the possibility to create a technical user (API user). This could be done as an additional tab in the "assign user to project" popup.
After adding the technical user as a member, a download icon should appear (next to the delete icon), which allows him to download a kubeconfig file. This kubeconfig file includes a valid token and allows the user to create shoot clusters via kubectl.
After the end user has added the technical user, the following things happen in the background:
A ServiceAccount with the same name as the technical user is created.
The ServiceAccount is added to the RoleBinding 'garden-project-members' so that it has the same restricted permissions as all other members.
A kubeconfig file is created with a valid token. The token can be retrieved from a secret, which is automatically created when you create a ServiceAccount.
Note: Scripting solution is already available internally at https://github.wdf.sap.corp/kubernetes/garden-setup/tree/master/utils (by @RaphaelVogel).
Definition of Done
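The background steps listed under Acceptance Criteria, sketched as POSIX shell around kubectl; this is an added example, not part of the original issue and not Gardener or garden-setup code. The function names, the `garden` cluster name, the context naming and the DNS-1123 label check are assumptions, and the RoleBinding is expected to already have a subjects list.

```shell
#!/bin/sh
# Added example (not Gardener code): the background steps from the issue.
LC_ALL=C; export LC_ALL   # byte-wise ranges in the name check below

# Accept only DNS-1123 label names (stricter than Kubernetes requires for
# ServiceAccounts) so they are safe to interpolate into JSON and YAML.
valid_name() {
  case $1 in ''|-*|*-|*[!a-z0-9-]*) return 1 ;; esac
  [ "${#1}" -le 63 ]
}

# JSON patch appending the ServiceAccount to the RoleBinding's subjects.
rolebinding_patch() {  # args: sa_name namespace
  printf '[{"op":"add","path":"/subjects/-","value":{"kind":"ServiceAccount","name":"%s","namespace":"%s"}}]' "$1" "$2"
}

# Kubeconfig that authenticates with the ServiceAccount's bearer token.
render_kubeconfig() {  # args: server ca_b64 namespace sa_name token
  cat <<EOF
apiVersion: v1
kind: Config
clusters:
- name: garden
  cluster:
    server: $1
    certificate-authority-data: $2
users:
- name: $4
  user:
    token: $5
contexts:
- name: $3-$4
  context: {cluster: garden, namespace: $3, user: $4}
current-context: $3-$4
EOF
}

# Runs the three steps against a live cluster (needs kubectl and RBAC to do so).
create_technical_user() (  # args: sa_name namespace server_url
  set -eu
  valid_name "$1" && valid_name "$2" || { echo "invalid name" >&2; exit 1; }
  kubectl -n "$2" create serviceaccount "$1"
  kubectl -n "$2" patch rolebinding garden-project-members --type=json \
    -p "$(rolebinding_patch "$1" "$2")"
  # Token secret as described in the issue; Kubernetes 1.24+ no longer auto-creates it.
  secret=$(kubectl -n "$2" get serviceaccount "$1" -o jsonpath='{.secrets[0].name}')
  token=$(kubectl -n "$2" get secret "$secret" -o jsonpath='{.data.token}' | base64 -d)
  ca=$(kubectl -n "$2" get secret "$secret" -o jsonpath='{.data.ca\.crt}')
  umask 077   # the file holds a bearer token: owner-only permissions
  render_kubeconfig "$3" "$ca" "$2" "$1" "$token" > "$1.kubeconfig"
)
```

With constructed values, `create_technical_user robot-ci garden-dev https://api.example.invalid` would write `robot-ci.kubeconfig` readable only by its owner.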