A server that includes:
- A mutating webhook that will patch any newly created pods in your Kubernetes cluster with GCP credentials (whose location is currently hardcoded to `/var/lib/minikube/google_application_credentials.json`).
- A mutating webhook that will patch any newly created service accounts in your Kubernetes cluster with an image pull secret.
- A thread that monitors namespaces to make sure every namespace includes an image pull secret, so that images can be pulled from GCR and AR.
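The pod mutation in the first bullet, sketched as the JSON Patch a mutating webhook returns. This is an added example, not the project's own code: only the host path comes from this README, while the volume name, the in-container mount path and the use of the standard `GOOGLE_APPLICATION_CREDENTIALS` variable are assumptions.

```go
package main

import (
	"encoding/json"
	"fmt"
)

const credsHostPath = "/var/lib/minikube/google_application_credentials.json" // path given in the README
const volName, mountPath = "gcp-creds", "/google-app-creds.json"              // assumed names
type patchOp map[string]interface{}                                           // one RFC 6902 operation

// pod keeps only the lists the patch touches (encoding/json matches keys case-insensitively).
type pod struct {
	Spec struct {
		Volumes    []json.RawMessage
		Containers []struct{ Env, VolumeMounts []json.RawMessage }
	}
}

// add builds an RFC 6902 "add": create the list when it is empty, else append via "/-".
func add(path string, existing int, v interface{}) patchOp {
	if existing == 0 {
		return patchOp{"op": "add", "path": path, "value": []interface{}{v}}
	}
	return patchOp{"op": "add", "path": path + "/-", "value": v}
}

// credentialPatch returns the ops that mount the credentials file into every container.
func credentialPatch(rawPod []byte) ([]patchOp, error) {
	var p pod
	if err := json.Unmarshal(rawPod, &p); err != nil {
		return nil, err
	}
	vol := map[string]interface{}{"name": volName, "hostPath": map[string]string{"path": credsHostPath}}
	ops := []patchOp{add("/spec/volumes", len(p.Spec.Volumes), vol)}
	for i, c := range p.Spec.Containers {
		base := fmt.Sprintf("/spec/containers/%d", i)
		mount := map[string]interface{}{"name": volName, "mountPath": mountPath, "readOnly": true}
		env := map[string]string{"name": "GOOGLE_APPLICATION_CREDENTIALS", "value": mountPath}
		ops = append(ops, add(base+"/volumeMounts", len(c.VolumeMounts), mount), add(base+"/env", len(c.Env), env))
	}
	return ops, nil
}

func main() { // runs on a constructed sample pod: one container with env, no volumes yet
	ops, _ := credentialPatch([]byte(`{"spec":{"containers":[{"name":"app","env":[{"name":"A","value":"1"}]}]}}`))
	out, _ := json.MarshalIndent(ops, "", "  ")
	fmt.Println(string(out))
}
```

Every container in a patched pod ends up with a read-only mount of the same credentials file, which is the behaviour to keep in mind when deciding which workloads run in a cluster with this webhook enabled.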
Setting the environment variable `MOCK_GOOGLE_TOKEN` to `true` prevents the server from using the Google application credentials to fetch the token used for the image pull secret. The token is mocked instead.
Use the image `gcr.io/k8s-minikube/gcp-auth-webhook` as the image for a Deployment in your Kubernetes manifest and add that to a MutatingWebhookConfiguration. See minikube for details.
The easiest way to run the server locally is:
- Build and run minikube
- Run `eval $(minikube docker-env)` and then `make local-image VERSION=VERSION` (replace `VERSION` with your local version) to build and make the image available within minikube's Docker daemon
- Run `minikube addons enable gcp-auth --images=GCPAuthWebhook=local/gcp-auth-webhook:VERSION` (replace `VERSION` with your local version) to enable the addon using your local image