Skip to content
This repository has been archived by the owner on Dec 5, 2022. It is now read-only.

No clear Documentation on how to use the library in k8 environment #106

Closed
vijayparashar12 opened this issue Apr 27, 2018 · 7 comments · Fixed by #118
Closed

No clear Documentation on how to use the library in k8 environment #106

vijayparashar12 opened this issue Apr 27, 2018 · 7 comments · Fixed by #118

Comments

@vijayparashar12
Copy link

I do not find any clean documentation how to use tokens library in kubernetes environment .
@hjacobs
Copy link
Contributor

hjacobs commented Apr 27, 2018
edited

@vijayparashar12 good point, we should add some (Zalando internal) documentation. Here is an usage example: https://github.com/zalando-stups/aws-credentials-service/blob/master/app.py

Generally speaking, what you need:

  • token provisioned as secret via PlatformCredentialsSet, select the token name for later usage in the app, e.g. mytoken
  • mount the secret as a volume with a certain path, e.g. /meta/credentials
  • set the environment variable CREDENTIALS_DIR to the path /meta/credentials
  • use the tokens library like:
import tokens
tokens.configure()
tokens.manage('mytoken', ['uid']) # "mytoken" needs to match what was defined in PlatformCredentialsSet
tokens.start()

tokens.get('mytoken')

@vijayparashar12
Copy link
Author

@hjacobs Thanks for the answer, but maybe I was not clear when I created the issue, but what I was looking for is that how can I configure a library that it can work both in STUP and K8 together at the same time, as currently we only want to move our staging in k8 and production in STUP and move production service when we have gain confidence.

P.S I will try to ask this question in Zalando internal forums to get more contextual ans wer

@hjacobs
Copy link
Contributor

hjacobs commented Apr 27, 2018

@vijayparashar12 the above code will work for both STUPS and Kubernetes, you just need to set the right env vars and make sure that the token name corresponds to the token name in PlatformCredentialsSet (the token name did not matter in STUPS).

@BGehrels
Copy link
Contributor

BGehrels commented Jul 9, 2018

form what i can see in the AccessTokensBuilder, the accessTokenUri is still a mandatory setting. If the tokens are now provided by the environment on k8s, is this setting acutally used? If not, should it be removed?

@vijayparashar12
Copy link
Author

@BGehrels Library works on fallback mechanism if they do not find K8 environment they try to fetch token from the token provider via rest. I will say current design is not at all intuitive on whats going on inside the library.

@jbellmann jbellmann changed the title No clear Documentation on how to use the library in k8 enviornment No clear Documentation on how to use the library in k8 environment Jul 17, 2018
jbellmann added a commit that referenced this issue Jul 18, 2018
@jbellmann
#106 update README on how to use on K8s and migration hints
c9e7550
@jbellmann jbellmann mentioned this issue Jul 18, 2018
Merged
jbellmann added a commit that referenced this issue Jul 18, 2018
@jbellmann
#106 update .zappr.yaml to next team
7753cbf
@jbellmann
Copy link
Contributor

@vijayparashar12 @BGehrels please have a look to latest README.md. If you still think there is something missing or should be changed propose your changes in a PR please.

@BGehrels
Copy link
Contributor

Looks great, thanks @jbellmann

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Update README on how to use on K8s and migration hints zalando/tokens
4 participants
@jbellmann @hjacobs @BGehrels @vijayparashar12