Closed moshloop closed 6 days ago
As part of the tenant chart:
Create a new service account with permissions only to the CRD's, Configmaps and Secrets
Create a service-account secret: https://kubernetes.io/docs/reference/access-authn-authz/service-accounts-admin/#create-token
Add an api endpoint /api/kubeconfig to retrieve the kubeconfig - generate it and fill in the token from the secret.
/api/kubeconfig
Add an api endpoint /api/kube-proxy that forward traffic to kubernetes.default.svc stripping off the path
/api/kube-proxy
kubernetes.default.svc
Approach: Support Whatever is supported by flux kustomize Start with basic git:// Strategic merge patches to delete/whitelist
Gitops data in a mission-control table Once added:
As part of the tenant chart:
Create a new service account with permissions only to the CRD's, Configmaps and Secrets
Create a service-account secret: https://kubernetes.io/docs/reference/access-authn-authz/service-accounts-admin/#create-token
Add an api endpoint
/api/kubeconfig
to retrieve the kubeconfig - generate it and fill in the token from the secret.Add an api endpoint
/api/kube-proxy
that forward traffic tokubernetes.default.svc
stripping off the path