new post on using client-go library and kubernetes authentication

[xphyr]

What this PR does / why we need it:

The following is a new blog post for the kubevirt.io blog. It is based on some work I did for a customer who was asking about how to handle authentication when using the client-go library. Post is designed to show how the client-go library can leverage both KUBECONFIG as well as detect it is running inside k8s and leverage the auth token of the service account it is running as. It also discusses the use of k8s service accounts, and how to create them.

Special notes for your reviewer:

Use of a service account and token is based on my understanding of the best way to handle k8s authentication from an application. Please review and let me know if there is a better or more secure way to handle this sort of request.

Signed-off-by: Mark DeNeve markd@xphyr.net

[kubevirt-bot]

Hi @xphyr. Thanks for your PR.

I'm waiting for a kubevirt member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[mazzystr]

/ok-to-test

[mazzystr]

@xphyr Would you like to become a KubeVirt org member? One of the benefits is CI tests will automatically run for your pull reqs

[xphyr]

Yes, that would be great. Thank you. Please let me know what is required from me to join.

[dhiller]

Yes, that would be great. Thank you. Please let me know what is required from me to join.

@xphyr please have a look at this document: https://github.com/kubevirt/community/blob/master/membership_policy.md#member

Here's an example membership onboarding PR: kubevirt/project-infra#1424

[dhiller]

Great post, thanks for your work!

[dhiller]

Suggested change

	In this demo we used RBAC roles created as part of the KubeVirt install. You can also create custom RBAC roles for KubeVirt. Documentation on how this can be done is available in the KubeVirt documentation [Creating Customer RBAC Roles](https://kubevirt.io/user-guide/operations/authorization/#creating-custom-rbac-roles)
	In this demo we used RBAC roles created as part of the KubeVirt install. You can also create custom RBAC roles for KubeVirt. Documentation on how this can be done is available in the KubeVirt documentation [Creating Custom RBAC Roles](https://kubevirt.io/user-guide/operations/authorization/#creating-custom-rbac-roles)

[xphyr]

@dhiller I have fixed the typo, thanks for the catch. I believe this should be all set.

[dhiller]

Keywords which can automatically close issues and at(@) or hashtag(#) mentions are not allowed in commit messages.

The list of commits with invalid commit messages:

* [2c8a115](https://github.com/kubevirt/kubevirt.github.io/commits/2c8a115562e4ddda128b53a0453aa2b3399e86b2) fixing typo per @dhiller review

@xphyr can you amend the commit message as requested, please! Thanks!

/approve
/hold

[xphyr]

@dhiller sorry about that. I have amended the commit message, and removed the offending characters. it should be all set now.

[dhiller]

Thanks!

[mazzystr]

/lgtm /Approve

…

On Thu, Jul 15, 2021, 12:23 AM Daniel Hiller ***@***.***> wrote: ***@***.**** approved this pull request. Thanks! — You are receiving this because your review was requested. Reply to this email directly, view it on GitHub <#764 (review)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AAS5KZYEAQBSWZNHDY7ULRLTX2EHBANCNFSM5ABFBXQA> .

[kubevirt-bot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: dhiller, mazzystr

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [dhiller,mazzystr]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[mazzystr]

/ok-to-test

…

On Thu, Jul 15, 2021, 8:45 AM kubevirt-bot ***@***.***> wrote: [APPROVALNOTIFIER] This PR is *APPROVED* This pull-request has been approved by: *dhiller <#764 (comment)>*, *mazzystr <#764 (comment)>* The full list of commands accepted by this bot can be found here <https://go.k8s.io/bot-commands?repo=kubevirt%2Fkubevirt.github.io>. The pull request process is described here <https://git.k8s.io/community/contributors/guide/owners.md#the-code-review-process> Needs approval from an approver in each of these files: - OWNERS <https://github.com/kubevirt/kubevirt.github.io/blob/master/OWNERS> [dhiller,mazzystr] Approvers can indicate their approval by writing /approve in a comment Approvers can cancel approval by writing /approve cancel in a comment — You are receiving this because you were assigned. Reply to this email directly, view it on GitHub <#764 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AAS5KZ27MZIFB45X3NES3UDTX37CZANCNFSM5ABFBXQA> .