https://github.com/googlecontainertools/gcp-auth-webhook
A Kubernetes webhook for automated GCP authentication.
Last synced: 6 months ago
- Host: GitHub
- URL: https://github.com/googlecontainertools/gcp-auth-webhook
- Owner: GoogleContainerTools
- License: apache-2.0
- Created: 2020-07-16T16:22:24.000Z (over 5 years ago)
- Default Branch: main
- Last Pushed: 2025-03-20T02:35:36.000Z (8 months ago)
- Last Synced: 2025-04-06T21:06:28.008Z (7 months ago)
- Language: Go
- Homepage:
- Size: 541 KB
- Stars: 20
- Watchers: 7
- Forks: 17
- Open Issues: 7
Metadata Files:
- Readme: README.md
- Contributing: CONTRIBUTING.md
- License: LICENSE
- Security: SECURITY.md
README
# gcp-auth-webhook
A server that includes:
* A mutating webhook that will patch any newly created pods in your Kubernetes cluster with GCP credentials (whose location is currently hardcoded to `/var/lib/minikube/google_application_credentials.json`).
* A mutating webhook that will patch any newly created service accounts in your Kubernetes cluster with an image pull secret.
* A thread that monitors namespaces to make sure every namespace includes an image pull secret, so that images can be pulled from GCR and AR.
Setting the environment variable `MOCK_GOOGLE_TOKEN` to `true` prevents the server from using the Google application credentials to fetch the token used for the image pull secret. The token is mocked instead.
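A pod mutation like the one in the first bullet can be expressed as a JSON Patch; the following is an added example, not the project's own code, and it handles pods whose `volumes`, `volumeMounts` or `env` arrays are absent. Only the credentials path comes from the README: the volume name `gcp-creds`, the hostPath mount layout and the use of the `GOOGLE_APPLICATION_CREDENTIALS` variable are assumptions.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// credsPath comes from the README; volName and the mount layout are assumptions.
const credsPath, volName = "/var/lib/minikube/google_application_credentials.json", "gcp-creds"

// pod keeps only the arrays whose presence decides the patch path (field
// names match the JSON keys case-insensitively); obj is a generic JSON object.
type obj = map[string]interface{}
type container struct{ Env, VolumeMounts []obj }
type pod struct {
	Spec struct {
		Volumes    []obj
		Containers []container
	}
}

// add appends to an array, creating it first when absent: "add" to "/x/-" fails if "/x" is missing.
func add(ops []obj, path string, n int, v obj) []obj {
	if n == 0 {
		return append(ops, obj{"op": "add", "path": path, "value": []obj{v}})
	}
	return append(ops, obj{"op": "add", "path": path + "/-", "value": v})
}

// credentialPatch builds the JSON Patch exposing the credentials file to every container.
func credentialPatch(rawPod []byte) ([]obj, error) {
	var p pod
	if err := json.Unmarshal(rawPod, &p); err != nil {
		return nil, err
	}
	ops := add(nil, "/spec/volumes", len(p.Spec.Volumes), obj{"name": volName, "hostPath": obj{"path": credsPath}})
	for i, c := range p.Spec.Containers {
		base := fmt.Sprintf("/spec/containers/%d", i)
		ops = add(ops, base+"/volumeMounts", len(c.VolumeMounts), obj{"name": volName, "mountPath": credsPath, "readOnly": true})
		ops = add(ops, base+"/env", len(c.Env), obj{"name": "GOOGLE_APPLICATION_CREDENTIALS", "value": credsPath})
	}
	return ops, nil
}

func main() {
	// Constructed pod: container "a" already has env, container "b" has none.
	ops, _ := credentialPatch([]byte(`{"spec":{"containers":[{"name":"a","env":[{"name":"X","value":"1"}]},{"name":"b"}]}}`))
	out, _ := json.MarshalIndent(ops, "", "  ")
	fmt.Println(string(out))
}
```

Since the README describes the mutation as applying to any newly created pod, the credentials in that file are best scoped to what every workload in the cluster may hold.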
## Deployment
Use the image `gcr.io/k8s-minikube/gcp-auth-webhook` as the image for a Deployment in your Kubernetes manifest and add that to a MutatingWebhookConfiguration. See [minikube](https://github.com/kubernetes/minikube/blob/master/deploy/addons/gcp-auth/gcp-auth-webhook.yaml.tmpl) for details.
## Running Locally
The easiest way to run the server locally is:
* Modify [minikube's](https://github.com/kubernetes/minikube/blob/master/deploy/addons/gcp-auth/gcp-auth-webhook.yaml.tmpl) gcp-auth Deployment image to be `local/gcp-auth-webhook:$(VERSION)` (replace `$(VERSION)` with your version)
* Build and run minikube
* Run `eval $(path_to_minikube/minikube docker-env)` and then `make local-image` to make the image available from within minikube
* Run `path_to_minikube/minikube addons enable gcp-auth` to enable the addon, which creates a pod in the `gcp-auth` namespace with the gcp-auth-webhook server