Replace oc login with kube config
Using oc login causes issues with what we would like to do in the future
with respect to user impersonation, etc. Simply having a
`/opt/apb/.kube/config` file makes it so that our APBs will run in the
cluster as we expect them to (since the service account token and CA are
in known locations). This also allows us to run APBs as system:admin
using docker as we continue to investigate APBs w/o an Ansible Broker.
djzager committed Dec 8, 2017
1 parent 77cda40 commit 380f5b4
Showing 6 changed files with 23 additions and 16 deletions.
1 change: 1 addition & 0 deletions Dockerfile-canary
@@ -49,6 +49,7 @@ RUN echo "localhost ansible_connection=local" > /etc/ansible/hosts \

COPY files/etc/ansible/* /etc/ansible/
COPY files/usr/bin/* /usr/bin/
COPY files/kubeconfig /opt/apb/.kube/config

RUN mkdir -p /usr/share/ansible/openshift \
/etc/ansible /opt/ansible \
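Review bot: Nothing in this hunk ties `/opt/apb/.kube/config` to the client's lookup path, so the file is only picked up if `HOME` resolves to `/opt/apb` for whatever UID the container runs as; `HOME` may be set elsewhere in the file, but an explicit `ENV KUBECONFIG=/opt/apb/.kube/config` would remove that dependency. `COPY` also leaves the file root-owned with the source tree's mode, so `oc` commands that rewrite the config (switching project, for instance) would presumably fail under a non-root UID. If read-only is the intent, say so in a comment such as `# kubeconfig is read-only; identity comes from the mounted service-account token`. The same applies to the identical `COPY` in Dockerfile-nightly. The surrounding `RUN` instructions start and end outside the hunk.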
1 change: 1 addition & 0 deletions Dockerfile-nightly
@@ -21,5 +21,6 @@ RUN mkdir -p /usr/share/ansible/openshift \

COPY files/etc/ansible/* /etc/ansible/
COPY files/usr/bin/* /usr/bin/
COPY files/kubeconfig /opt/apb/.kube/config

ENTRYPOINT ["entrypoint.sh"]
5 changes: 3 additions & 2 deletions apb-base-scripts.spec
@@ -23,18 +23,19 @@ BuildArch: noarch
%install
mkdir -p %{buildroot}%{_bindir}
mkdir -p %{buildroot}%{_sysconfdir}/apb-secrets
mkdir -p %{buildroot}/opt/apb/.kube
install -m 755 files/usr/bin/test-retrieval-init %{buildroot}%{_bindir}
install -m 755 files/usr/bin/test-retrieval %{buildroot}%{_bindir}
install -m 755 files/usr/bin/entrypoint.sh %{buildroot}%{_bindir}
install -m 755 files/usr/bin/oc-login.sh %{buildroot}%{_bindir}
install -m 755 files/kubeconfig %{buildroot}/opt/apb/.kube/config

%files
%doc
%{_bindir}/test-retrieval-init
%{_bindir}/test-retrieval
%{_bindir}/entrypoint.sh
%{_bindir}/oc-login.sh
%dir %{_sysconfdir}/apb-secrets
/opt/apb/.kube/config

%changelog
* Mon Dec 04 2017 Jason Montleon <jmontleo@redhat.com> 1.1.1-1
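Review bot: `install -m 755 files/kubeconfig …` in `%install` ships a plain YAML config file with the executable bit set; a data file only needs mode 644, e.g. `install -m 644 files/kubeconfig %{buildroot}/opt/apb/.kube/config`. The `%files` list names only `/opt/apb/.kube/config`, so the package does not appear to own the `/opt/apb/.kube` directory it creates; adding `%dir /opt/apb/.kube` would fix that. If the file is expected to be replaced locally (the description mentions running as system:admin), marking it `%config(noreplace)` would keep package upgrades from overwriting it.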
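--- a/files/kubeconfig
+++ b/files/kubeconfig
@@ -0,0 +1,18 @@
+apiVersion: v1
+clusters:
+- cluster:
+certificate-authority: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
+server: https://kubernetes.default:443
+name: kubernetes
+contexts:
+- context:
+cluster: kubernetes
+user: apb-user
+name: /kubernetes/apb-user
+current-context: /kubernetes/apb-user
+kind: Config
+preferences: {}
+users:
+- name: apb-user
+user:
+tokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token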
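Review bot: The `/kubernetes/apb-user` context sets no `namespace`, so any `oc`/`kubectl` call or playbook task that omits one will presumably act on `default` rather than the namespace the APB pod runs in; if the deleted oc-login.sh selected a project, that behaviour is lost here. A header comment would make the contract explicit, for example `# No credentials are stored here; identity comes from the pod's mounted service-account token and CA.`, with a second line saying that tasks must pass an explicit namespace. The effective privilege of an APB is then whatever RBAC the pod's service account has been granted, which is worth stating for anyone who mounts a different kubeconfig over this path.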
2 changes: 0 additions & 2 deletions files/usr/bin/entrypoint.sh
@@ -32,8 +32,6 @@ if ! whoami &> /dev/null; then
echo "${USER_NAME:-apb}:x:$(id -u):0:${USER_NAME:-apb} user:${HOME}:/sbin/nologin" >> /etc/passwd
fi
fi
oc-login.sh


set +x

12 changes: 0 additions & 12 deletions files/usr/bin/oc-login.sh

This file was deleted.
