Comments (3)
Thank you! So, there are a few methods beyond the trivial config file. That, combined with its popularity, is a good reason to support kr8s out of the box. A PR would be highly welcome!
from kopf.
Hello. No, doing the same as for pykube-ng would be sufficient.
For context: pykube-ng (ex-pykube) is there mostly for historic reasons: at some point, Kopf used it as an API client (before switching to requests
, then to aiohttp
), so it was left for backward compatibility.
Overall, I prefer not to overcomplicate Kopf's code except for the major widely used libraries, such as the official k8s client, so I am conservative here. But I would prefer it even more not to turn Kopf into a K8s API client, so it is better to delegate all the auth job to other libraries for cases beyond simple reading of the kubeconfig file "as is" (e.g. all the interactive token retrieval, live token rotation/refresh, encryption/decryption, so on).
Kr8s seems to be popular enough to add it out of the box, so this criterion is satisfied. Can you please summarize, which auth methods it has beyond the trivial ones? If there are some, its support can be added to Kopf.
PS: If sending a PR, please add thorough tests for it too — the same as for pykube-ng & the official client (with and without the module installed, as simulated by pytest fixtures).
from kopf.
Thanks @nolar!
Can you please summarize, which auth methods it has beyond the trivial ones?
Kr8s supports the following auth methods:
- Client certificates
- Tokens
- Exec with rotation/refresh (seems to be very popular these days with hosted Kubernetes)
- OIDC (refresh coming soon kr8s-org/kr8s#125)
- Username/password (this was removed in Kubernetes 1.19 and will be removed from
kr8s
kr8s-org/kr8s#240)
Note that kr8s
doesn't support the legacy auth-provider
methods other than OIDC which have been removed in upstream Kubernetes in favour of exec.
from kopf.
Related Issues (20)
- kubeconfig proxy-url support
- Monitor watchers with Liveness Probe
- Integrate kopf with kinD not minikube HOT 3
- Flakey behavior of on.create handler not reacting to CRO creation event. HOT 1
- Automating Kopf Operator Code Updates: Seeking a Convenient Solution to Avoid Tedious Run Commands HOT 1
- Controlling Kopf Operator Behavior to Prevent Unwanted Object Creation HOT 8
- Using named import in kopf
- Handle large resource spec being annotated to `last-handled-configuration` HOT 3
- Namespace deletion is stuck when using namespace selector startup mode HOT 1
- Infinite watch-streams stopping immediately with no obvious reasons why. The watched resources do then spin up.
- Liveness probe stops working HOT 2
- Kubernetes client not configured in startup handler HOT 3
- Admission Controller Path
- `FieldSpec` and `resolve` does not support list access
- Attach to container start event
- Behaviour of timer with finalizer
- Finalisers race condition
- Finalizers from other controllers conflicting with kopf finalizer
- Kopf does not restart after 429 too many requests error HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from kopf.