Generate token for controllers #16

Closed
tamalsaha opened this issue Sep 12, 2018 · 3 comments

@tamalsaha
Member

We create predefined service accounts for

  • Policy controller appscode:vault:policy-manager
  • DB User Manager controller appscode:vault:db-manager

Then create the policies necessary for these controllers and associate them with the service accounts using the root token.

Then individual controllers can use those service accounts to talk to Vault and perform operations.

@tamalsaha
Member Author

Each control loop uses the respective service account to run.
See https://github.com/kubernetes/kubernetes/blob/master/pkg/controller/client_builder.go#L108 for where the controller manager sets up the service account and credentialed client config.
See calls to ClientOrDie for where it is used.

@tamalsaha tamalsaha added this to the 0.1.0 milestone Sep 19, 2018
@tamalsaha
Member Author

Necessary classes copied into https://github.com/appscode/kutil/tree/master/tools/controller

@tamalsaha
Member Author

Done.
