Skip to content
This repository has been archived by the owner on Apr 21, 2019. It is now read-only.

Alternative path (then default usage of RBAC) for kubefed cluster access #247

Merged
merged 4 commits into from Mar 26, 2018
Merged

Alternative path (then default usage of RBAC) for kubefed cluster access #247

merged 4 commits into from Mar 26, 2018

Conversation

irfanurrehman
Copy link
Contributor

Implements functionality as discussed in #210.
kubefed gets a new flag --use-credentials-kubeconfig.
/assign @shashidharatd

@k8s-ci-robot k8s-ci-robot added size/L Denotes a PR that changes 100-499 lines, ignoring generated files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. approved Indicates a PR has been approved by an approver from all required OWNERS files. labels Mar 13, 2018
@irfanurrehman
Copy link
Contributor Author

@shashidharatd please have a look!

shashidharatd
shashidharatd reviewed Mar 19, 2018
View reviewed changes
Copy link
Contributor

@shashidharatd shashidharatd left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sorry @irfanurrehman for the delay. Couple of minor nits. looks fine otherwise.

pkg/kubefed/util/util.go Outdated
}

func (o *SubcommandOptions) Bind(flags *pflag.FlagSet) {
flags.StringVar(&o.Kubeconfig, "kubeconfig", "", "Path to the kubeconfig file to use for CLI requests.")
flags.StringVar(&o.Host, "host-cluster-context", "", "Host cluster context")
flags.StringVar(&o.FederationSystemNamespace, "federation-system-namespace", DefaultFederationSystemNamespace, "Namespace in the host cluster where the federation system components are installed")
flags.StringVar(&o.CredentialsKubeconfig, "use-credentials-kubeconfig", "", "Kubeconfig file path on local file system, which should be used to authenticate with base cluster (instead of the default kubeconfig)."+
"This can be used to override the RBAC based authentication while initialising the federation control plane, even when the base cluster exposes the RBAC API.")
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

the term base cluster can be cause of confusion to user. Did you mean host cluster?

pkg/kubefed/unjoin_test.go
@@ -146,6 +162,7 @@ func TestUnjoinFederation(t *testing.T) {
cmd := NewCmdUnjoin(f, buf, errBuf, adminConfig)

cmd.Flags().Set("kubeconfig", tc.kubeconfigExplicit)
cmd.Flags().Set("use-credentials-kubeconfig", tc.kubeconfigForCredentials)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit: maybe just drop use- from flag name in use-credentials-kubeconfig

@irfanurrehman
Copy link
Contributor Author

@shashidharatd updated. Please check!

@shashidharatd
Copy link
Contributor

/lgtm

@k8s-ci-robot k8s-ci-robot added the lgtm Indicates that a PR is ready to be merged. label Mar 26, 2018
@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: irfanurrehman, shashidharatd

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:
  • OWNERS [irfanurrehman,shashidharatd]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot merged commit ccbc47b into kubernetes-retired:master Mar 26, 2018
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@shashidharatd shashidharatd shashidharatd left review comments

Assignees
No one assigned
Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. lgtm Indicates that a PR is ready to be merged. size/L Denotes a PR that changes 100-499 lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@irfanurrehman @shashidharatd @k8s-ci-robot