search

loft-sh / vcluster

vCluster - Create fully functional virtual Kubernetes clusters - Each vcluster runs inside a namespace of the underlying k8s cluster. It's cheaper than creating separate full-blown clusters and it offers better multi-tenancy and isolation than regular namespaces.
https://www.vcluster.com
Apache License 2.0
6.26k stars 398 forks source link

expose ca data, certificate and key along kubeconfig #226

Closed janwillies closed 2 years ago

janwillies commented 2 years ago

When creating a vcluster there's a Kubernetes Secret created which holds the information to connect to the vcluster. The single key of the secret is config and the value is an encoded kubeconfig, which is by default consumable by many clients (kubectl, crossplane provider-helm, provider-kubernetes, ...).

Some clients however are not able to consume a kubeconfig file, but rather use dedicated parameters to setup the connection (e.g. https://github.com/argoproj/argo-cd/issues/4651)

It would be great if vcluster would expose the connectivity information as top level keys in the Kubernetes Secret:

apiVersion: v1
kind: Secret
metadata:
  name: vcluster-1
data:
  certificate-authority-data: LS0tL...
  client-certificate-data: LS0tL...
  client-key-data: LS0tL...
  config: YXBpVm...
FabianKramm commented 2 years ago

@janwillies thanks for creating this issue! Yes that makes sense, we can just add this information to the secret as well.