Implement CLI command to be used as kube config credentials plugin
Problem to solve
As a follow-up on Provide a user-based kubeconfig using the GitLa... (&6038), we would like to integrate the local cluster connections with glab
.
As a Developer, in order to access the clusters I'm authorized to reach
- I want to easily list the GitLab-cluster connections I can access
- I want to easily update my local kubeconfig with a selected connection
- I want to create a separate personal access token for cluster access
Proposal
Implement a Kubernetes credentials plugin which can be used in a user
kube config entry to retrieve a k8s_proxy
-scoped PAT to access an agent.
The command may be implemented as: glab cluster agent get-token --agent=<agent-id>
and configured via glab cluster agent update-kubeconfig --agent=<agent-id>
to something like this:
apiVersion: v1
kind: Config
clusters:
- cluster:
server: https://kas.gitlab.com/k8s-proxy
name: gitlab
contexts:
- context:
cluster: gitlab
user: gitlab-user
name: gitlab-agent
current-context: gitlab-agent
preferences: {}
users:
- name: gitlab-user
user:
exec:
apiVersion: "client.authentication.k8s.io/v1"
command: "glab"
args:
- cluster
- agent
- get-token
- --agent
- 1234
interactiveMode: IfAvailable
Links / references
Edited by Timo Furrer