Alternative path (then default usage of RBAC) for kubefed cluster access #247
Alternative path (then default usage of RBAC) for kubefed cluster access #247
Conversation
…ive kubeconfig in kubefed init
…config in kubefed join
…use-credentials-kubeconfig in unjoin
@shashidharatd please have a look! |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Sorry @irfanurrehman for the delay. Couple of minor nits. looks fine otherwise.
pkg/kubefed/util/util.go
Outdated
} | ||
|
||
func (o *SubcommandOptions) Bind(flags *pflag.FlagSet) { | ||
flags.StringVar(&o.Kubeconfig, "kubeconfig", "", "Path to the kubeconfig file to use for CLI requests.") | ||
flags.StringVar(&o.Host, "host-cluster-context", "", "Host cluster context") | ||
flags.StringVar(&o.FederationSystemNamespace, "federation-system-namespace", DefaultFederationSystemNamespace, "Namespace in the host cluster where the federation system components are installed") | ||
flags.StringVar(&o.CredentialsKubeconfig, "use-credentials-kubeconfig", "", "Kubeconfig file path on local file system, which should be used to authenticate with base cluster (instead of the default kubeconfig)."+ | ||
"This can be used to override the RBAC based authentication while initialising the federation control plane, even when the base cluster exposes the RBAC API.") |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
the term base cluster
can be cause of confusion to user. Did you mean host cluster?
@@ -146,6 +162,7 @@ func TestUnjoinFederation(t *testing.T) { | |||
cmd := NewCmdUnjoin(f, buf, errBuf, adminConfig) | |||
|
|||
cmd.Flags().Set("kubeconfig", tc.kubeconfigExplicit) | |||
cmd.Flags().Set("use-credentials-kubeconfig", tc.kubeconfigForCredentials) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nit: maybe just drop use-
from flag name in use-credentials-kubeconfig
@shashidharatd updated. Please check! |
/lgtm |
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: irfanurrehman, shashidharatd The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
Implements functionality as discussed in #210.
kubefed gets a new flag
--use-credentials-kubeconfig
./assign @shashidharatd