Skip to content
master
Switch branches/tags
Code

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
 
 
 
 
 
 
 
 
 
 

About

This tool will grab the relevant tokens and certificate data for a PKS cluster and configure the user to login to it.

Basic Quickstart

To run directly, simply execute the binary with the required and optional flags:

kubectl-pkstoken -api=api.pks.fullerton.cf-app.com -cluster=ldap.pks.exaforge.com -user=euler -ns=default -kubeconfig=myconfig

  • -api: the hostname of the PKS API
  • -cluster: name of the k8s cluster
  • -user: OIDC username
  • -ns: which namespace should be configured
  • -kubeconfig (optional): write to a specific file rather than default kubeconfig

To run as a kubectl plugin (linux/mac only):

cp kubectl-pkstoken /usr/local/bin

(or anywhere in your $PATH)

then run

kubectl pkstoken

Dont forget to add a Role and Binding for the user like this:

kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  namespace: default
  name: ns-admin
rules:
  - apiGroups: ["*"]
    resources: ["*"]
    verbs: ["*"]
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: ns-admins
  namespace: default
subjects:
  - kind: User
    name: "euler"
roleRef:
  kind: Role
  name: ns-admin
  apiGroup: rbac.authorization.k8s.io

Developer Instruction:

Install dependencies

Install go crypto terminal library for password masking

$ go get -t golang.org/x/crypto/ssh/terminal

Compile to binary

Your can also compile to binaries as

$ go build -o kubectl-pkstoken  main.go kubenetes.go

About

kubectl plugin to get OIDC tokens

Resources

License

Packages

No packages published

Languages