Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/arthurvardevanyan/k8s-federated-credential-api

Last synced: 21 days ago
JSON representation

Host: GitHub
URL: https://github.com/arthurvardevanyan/k8s-federated-credential-api
Owner: ArthurVardevanyan
Created: 2024-04-10T20:16:22.000Z (10 months ago)
Default Branch: main
Last Pushed: 2024-12-23T15:46:42.000Z (about 1 month ago)
Last Synced: 2024-12-23T16:24:05.608Z (about 1 month ago)
Language: YAML
Size: 142 KB
Stars: 0
Watchers: 1
Forks: 0
Open Issues: 5
Metadata Files:
- Readme: README.md

Awesome Lists containing this project

README

        # Kubernetes Federated Credential Api

- [Kubernetes Federated Credential Api](#kubernetes-federated-credential-api)

  - [FlowChart](#flowchart)

  - [Build](#build)

    - [Other Notes](#other-notes)

  - [Usage](#usage)

## FlowChart

```mermaid

graph TD

 linkStyle default interpolate basis

subgraph KFCA

api{Federated Credential API}-->sa[Verify Service Account Annotations]

end

subgraph Machine Accounts

    client1[OpenShift Client]-->api

    client2[Google Service Account]-->api

    client3[Azure App Registration]-->api

   client4[Generic Machine Account]-->api

end

subgraph OIDC Endpoints

   api--->oidc1[OpenShift OIDC Keys Endpoint]

    api--->oidc2[Google OIDC Endpoint]

    api--->oidc3[Azure OIDC Endpoint]

   api--->oidc4[Generic OIDC Endpoint]

end

```

## Build

```bash

make goa-gen

export KO_DOCKER_REPO=""

make ko-build

```

### Other Notes

```bash

go install goa.design/goa/v3/cmd/goa@v3

go get goa.design/goa/v3/[email protected]

mkdir -p k8s-federated-credential-api/design

cd k8s-federated-credential-api

go mod init k8s-federated-credential-api

~/go/bin/goa gen k8s-federated-credential-api/design

#~/go/bin/goa example k8s-federated-credential-api/design

go build -C cmd/kfca -o /tmp/kfca && /tmp/kfca

```

## Usage

Requesting a token for remote kubernetes service account.

Example of target service account annotation can be found in `examples/example.yaml`

```bash

export JSON='{

  "namespace": "smoke-tests",

  "ServiceAccountName": "default"

}'

curl --header "Authorization: Bearer $(kubectl create token default --duration=1h -n default)"\

  "http://localhost:8088/exchangeToken" -X POST \

  -H "Content-type: application/json" \

  -H "Accept: application/json" \

  -d "${JSON}" | jq

```