Hi all. What is best practice to manage admin acce...
# kubernetes
Hi all. What is best practice to manage admin access to a Kubernetes cluster? I'm creating a cluster with
and then want to deploy Strimzi operator with
. The problem I run into is that I don't personally have access to the cluster until I run
gcloud container clusters get-gredentials <cluster_name> --region <region>
and generate the configuration, with certificates, for the cluster. I have a few ideas but I feel like I'm missing something that should work better. Idea 1: I can run the command to get the credentials from gcloud with
after the creation of the cluster and before the Chart. I don't particularly like this idea because it changes the state of my personal environment. For the time being it is not a problem, but once we start working with multiple clusters and multiple developers it is bound to cause problems. And then I'm out of ideas. I'll start by trying idea 1 but I hope I can get some more information here.
I solved it like so:
Copy code
command = new remote.Command(...) // generate kubeconfig to stdout
export const kubeconfig = kubeconfigs.admins.stdout;

const provider = new k8s.Provider("k8s", { kubeconfig });

new k8s.helm.v3.Release("foo", {...}, { provider });
However, due to this bug, it means I cannot refresh my stack šŸ˜•
Thanks @dazzling-oxygen-84405. Have you tried using
instead of
? As I understand it the only difference is that Command is managed and run will just execute, i.e. it won't actually be part of the stack.
as far as I can tell,
is only available for local commands?
aha, that sucks. Well, in my case it doesn't matter since I'm running it locally, so I'll try run first.
šŸ‘ 1
can't you run yours locally though? gcloud should be able to reach the gcp api from your local machine too?
Iā€™m not using gcloud, my
is using
to generate the config for an on-prem cluster.
The k8s part should be the same once you have the kubeconfig, so it should still work for you though. Your command just needs to output the kubeconfig to stdout.
aha, of course, I just assumed you were using some cloud service. my bad
yea, now I have to figure out how to make the gcloud command output to stdout, which seems surprisingly difficult.