iabudiab
commented
3 years ago Hey 👋 sorry for the delayed reply. I was trying to enjoy the last couple of days in my short vacation 😬
Yes, I've thought about this and it's currently not on the "near" roadmap, because I want to focus on the whole API part first, then proper CRD support second.
IMHO, supporting the exec auth only makes sense in cli or desktop apps, which should handle this scenario. This client can be used in such apps with no problem, and it would be the responsibility of the wrapping app/tool to handle the external process call, parsing the response, mapping it to a client-config instance and passing it to the client init. This is what kubectl does.
Having said that, we could however provide an abstraction for the exec plugin, that is processed by an external auth plugin implementation. If you want to, we could bounce some ideas around 😉
t089
k8s.io/client-goand tools using it such askubectlandkubeletare able to execute an external command to receive user credentials. Have you thought about supporting this feature for this client implementation as well? For example, for AWS managed EKS clusters, you need to callaws eks get-tokento obtain an (expiring) k8s bearer token to access the cluster from your development machine. For now this can be done before creating a client instance and the use the result as thebearer token.