kubectl plugin to get OIDC tokens
Type Name Latest commit message Commit time
.gitignore Support specifying a KUBECONFIG file on the CLI. Fixes #2 Jan 3, 2019
.goreleaser.yml
LICENSE Add LICENSE and reference to source code. Jan 28, 2019
NOTICE Added license notice with copyright dates. Jan 29, 2019
README.md Add LICENSE and reference to source code. Jan 28, 2019
kubernetes.go Added license notice with copyright dates. Jan 29, 2019
main.go

README.md

About

This tool fetches the relevant tokens and certificate data for a PKS cluster and configures the user to log in to it.

Basic Quickstart

To run directly, simply execute the binary with the required and optional flags:

kubectl-pkstoken -api=api.pks.fullerton.cf-app.com -cluster=ldap.pks.exaforge.com -user=euler -ns=default -kubeconfig=myconfig

  • -api: the hostname of the PKS API
  • -cluster: name of the k8s cluster
  • -user: OIDC username
  • -ns: which namespace should be configured
  • -kubeconfig (optional): write to a specific file rather than default kubeconfig

To run as a kubectl plugin (Linux/macOS only):

cp kubectl-pkstoken /usr/local/bin

(or anywhere in your $PATH)

then run

kubectl pkstoken

Don't forget to add a Role and RoleBinding for the user. The example below makes the user an admin of the default namespace:

kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  namespace: default
  name: ns-admin
rules:
  - apiGroups: ["*"]
    resources: ["*"]
    verbs: ["*"]
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: ns-admins
  namespace: default
subjects:
  - kind: User
    name: "euler"
roleRef:
  kind: Role
  name: ns-admin
  apiGroup: rbac.authorization.k8s.io
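
A narrower alternative to the wildcard Role, given here as an added example that is not part of the project's README. The wildcard rule also covers Secrets and the namespace's own Roles and RoleBindings, which this version leaves out. The Role name ns-developer, the binding name ns-developers and the resource list are assumptions; adjust them to what the user actually needs.

```yaml
# Added example (not from the project): least-privilege Role for the OIDC user.
# Names "ns-developer" / "ns-developers" and the resource list are assumptions.
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  namespace: default
  name: ns-developer
rules:
  # Day-to-day workload objects in the core API group.
  # Secrets are deliberately not listed.
  - apiGroups: [""]
    resources: ["pods", "services", "configmaps"]
    verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
  # Read container logs; pods/exec is deliberately not granted.
  - apiGroups: [""]
    resources: ["pods/log"]
    verbs: ["get"]
  # Deployments and the ReplicaSets they own.
  - apiGroups: ["apps"]
    resources: ["deployments", "replicasets"]
    verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
  # No rule for rbac.authorization.k8s.io: the user cannot edit
  # Roles or RoleBindings and so cannot widen their own access.
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: ns-developers
  namespace: default
subjects:
  - kind: User
    # Must match the username the API server derives from the OIDC token,
    # i.e. the value passed to -user.
    name: "euler"
    apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: Role
  name: ns-developer
  apiGroup: rbac.authorization.k8s.io
```

After applying it, `kubectl auth can-i --list --as=euler -n default` shows the permissions the binding grants.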

Developer Instructions:

Install dependencies

Install the Go crypto terminal library for password masking

$ go get -t golang.org/x/crypto/ssh/terminal

Compile to binary

You can also compile to a binary with:

$ go build -o kubectl-pkstoken main.go kubernetes.go