-
Notifications
You must be signed in to change notification settings - Fork 295
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Generate kube config based on plugin RBAC #1020
Merged
josefkarasek
merged 15 commits into
kubeshop:main
from
josefkarasek:generate-kubeconfig
Mar 23, 2023
Merged
Changes from 2 commits
Commits
Show all changes
15 commits
Select commit
Hold shift + click to select a range
72653f1
generate kube config
069937a
distribute kubeConfig as `[]bytes`
6a567d5
handle helm executor
f85e722
implement fn
cfd4e9d
working helm executor
d52875d
implement sources
8841af2
update values.yaml
c7f7bcb
include generated grpc resource
a47d83d
fix tests
387907d
process chart
750fdef
use default namespace
61f7920
update e2e values.yaml
0dd2fe5
WIP: channel membership
75352fb
revert UserGroups
670b48b
rename kubeConfigBytes field
File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This might break existing functionality. We might as well remove kube config from config
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
🤔 I think it would be great to keep the existing functionality of passing external kubeconfig. This functionality is great to connect to an external cluster. So Botkube can reside e.g. on cluster A, but it can listen for events + execute commands from cluster B.
Options I see:
kubeconfigas it were before, which overrides kubeconfig for all (sources, executors) and we ignorecontext.rbac🤔 That would need to load the file from path, right?kubeconfigas a base for generated kubeconfigs (with modifyingimpersonate-related properties)context.kubeconfig.pathproperty which takes custom kubeconfig as a path and injects it in a given plugin.I'd prefer third option I think 🤔 Let's chat about this in our team.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
2 cents from my side: I like that option however, even Argo Workflow which is quite popular project, it doesn't support external/multi-cluster (they have issue opened for more that 2years now). If someone wants to have such functionality, they can always use https://github.com/virtual-kubelet/virtual-kubelet#providers. Of course, it brings additional maintenance cost, but it's also a more powerful and “safer” option.
Maybe at the end it just brings not necessary complexity to the Botkube itself? Probably it's a question to @brampling whether we should leave that functionality or not.
However, if we will decide to leave that functionality, it would be good to name it like
context.remote.kubeconfig? so it is easier to distinguish current cluster RBAC usage vs external one.