Allow Function Controller to use mounted OAuth token instead of serviceaccount

vmware-archive / http-trigger

Kubernetes CRD controller for http invocation of Kubeless functions

Apache License 2.0

9 stars 27 forks source link

Allow Function Controller to use mounted OAuth token instead of serviceaccount #5

Closed jamding closed 5 years ago

jamding commented 5 years ago

Issue Ref: #4

Description: This PR allows you to supply a bearer token for the Kubeless Function Controller to use for k8s operations instead of using a k8s service account. Do so by setting the environmental variable KUBELESS_TOKEN_FILE_PATH to the filepath where a file containing the bearer token will be mounted.

TODOs:

[ ] Ready to review
[ ] Automated Tests
[ ] Docs

@andresmgot

jamding commented 5 years ago

Originally I'd considered vendoring a more recent version of kubeless to avoid duplicating code between repos, but this repo already owns all its own functionality around constructing clients in k8sutils.go, e.g. https://github.com/kubeless/http-trigger/commit/c1e54f11ade22127f9373bf32deae0dc29ac6cfe. This remains consistent with the decision.

andresmgot commented 5 years ago

Hi @jamding, thanks for the PR! I still think that it's better to use your code from kubeless rather that copying the function here again.

Note that there is a difference between this PR and the commit you point. In that commit we are using GetKubelessClientOutCluster() (versioned.Interface, error) where versioned is the versioned API of the HTTP trigger, that's why it cannot be placed in the kubeless-core repository.

Would you mind trying to update the vendored version of Kubeless?

jamding commented 5 years ago

@andresmgot closing this in favor of https://github.com/kubeless/http-trigger/pull/7