diff --git a/cmd/secretreader-plugin/README.md b/cmd/secretreader-plugin/README.md index c324f19..b80990e 100644 --- a/cmd/secretreader-plugin/README.md +++ b/cmd/secretreader-plugin/README.md @@ -57,7 +57,7 @@ Use the following provider config to exec the secret-reader plugin. } ``` -### Note: `ClusterProfile.status.credentialProviders[].cluster.extensions` +### Note: `ClusterProfile.status.accessProviders[].cluster.extensions` - Required: set `extensions[].name` to `client.authentication.k8s.io/exec`. - The library reads only the `extension` field of that entry and passes it through to `ExecCredential.Spec.Cluster.Config`. @@ -67,7 +67,7 @@ Example: ```yaml status: - credentialProviders: + accessProviders: - name: secretreader cluster: server: https:// diff --git a/examples/controller-example/README.md b/examples/controller-example/README.md index c4cff77..be26ff9 100644 --- a/examples/controller-example/README.md +++ b/examples/controller-example/README.md @@ -5,7 +5,7 @@ This example automatically sets up the following, stores the spoke cluster token - Create a hub cluster and a spoke cluster with kind - On the spoke, create a ServiceAccount and ClusterRole/Binding that can list Pods and issue a token - On the hub, create a Secret with the token in `data.token` -- On the hub, create a `ClusterProfile` with spoke information (set `secretreader` in `status.credentialProviders`) +- On the hub, create a `ClusterProfile` with spoke information (set `secretreader` in `status.accessProviders`) ## Prerequisites 
@@ -43,7 +43,7 @@ KUBECONFIG=./examples/controller-example/hub.kubeconfig ./examples/controller-ex ## Note: ClusterProfile extensions -- Required: set `status.credentialProviders[].cluster.extensions[].name` to `client.authentication.k8s.io/exec`. +- Required: set `status.accessProviders[].cluster.extensions[].name` to `client.authentication.k8s.io/exec`. - The library reads only the `extension` field of that entry (arbitrary JSON). Other `extensions` entries are ignored. - That `extension` is passed through to `ExecCredential.Spec.Cluster.Config`. The `secretreader` plugin uses `clusterName` in that object. @@ -51,7 +51,7 @@ Example (to be merged into `ClusterProfile.status`): ```yaml status: - credentialProviders: + accessProviders: - name: secretreader cluster: server: https:// diff --git a/examples/controller-example/main.go b/examples/controller-example/main.go index 7b3304d..baf98b9 100644 --- a/examples/controller-example/main.go +++ b/examples/controller-example/main.go @@ -5,16 +5,20 @@ import ( "flag" "log" + corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/runtime" k8sclient "k8s.io/client-go/kubernetes" + clientgoscheme "k8s.io/client-go/kubernetes/scheme" "k8s.io/client-go/tools/clientcmd" ciaclient "sigs.k8s.io/cluster-inventory-api/client/clientset/versioned" "sigs.k8s.io/cluster-inventory-api/pkg/credentials" + crclient "sigs.k8s.io/controller-runtime/pkg/client" ) func main() { // Flags - credentialsProviders := credentials.SetupProviderFileFlag() + accessProviders := credentials.SetupProviderFileFlag() namespace := flag.String("namespace", "default", "Namespace of the ClusterProfile on the hub cluster") clusterProfileName := flag.String("clusterprofile", "", "Name of the ClusterProfile to target (required)") flag.Parse() 
@@ -24,7 +28,7 @@ func main() {
 }
 
 // Load providers file
- cpCreds, err := credentials.NewFromFile(*credentialsProviders)
+ cpCreds, err := credentials.NewFromFile(*accessProviders)
 if err != nil {
 log.Fatalf("Got error reading credentials providers: %v", err)
 }
@@ -52,7 +56,7 @@ func main() {
 log.Fatalf("Got error generating spoke rest.Config: %v", err)
 }
 
- // Create a Kubernetes client for the spoke cluster and list pods
+ // Example using client-go: Create a Kubernetes client for the spoke cluster and list pods
 mclient, err := k8sclient.NewForConfig(spokeConfig)
 if err != nil {
 log.Fatalf("failed to create spoke client: %v", err)
@@ -61,8 +65,26 @@ func main() {
 if err != nil {
 log.Fatalf("failed to list pods on spoke: %v", err)
 }
- log.Printf("Listed %d pods on spoke cluster", len(plist.Items))
+ log.Printf("[client-go] Listed %d pods on spoke cluster", len(plist.Items))
 for _, p := range plist.Items {
- log.Printf("pod: %s/%s", p.Namespace, p.Name)
+ log.Printf("[client-go] pod: %s/%s", p.Namespace, p.Name)
+ }
+
+ // Example using controller-runtime client
+ scheme := runtime.NewScheme()
+ if err := clientgoscheme.AddToScheme(scheme); err != nil {
+ log.Fatalf("failed to add core scheme: %v", err)
+ }
+ crc, err := crclient.New(spokeConfig, crclient.Options{Scheme: scheme})
+ if err != nil {
+ log.Fatalf("failed to create controller-runtime client: %v", err)
+ }
+ var crPodList corev1.PodList
+ if err := crc.List(context.Background(), &crPodList); err != nil {
+ log.Fatalf("failed to list pods with controller-runtime: %v", err)
+ }
+ log.Printf("[controller-runtime] Listed %d pods on spoke cluster", len(crPodList.Items))
+ for _, p := range crPodList.Items {
+ log.Printf("[controller-runtime] pod: %s/%s", p.Namespace, p.Name)
 }
 }
diff --git a/examples/controller-example/setup-kind-demo.sh b/examples/controller-example/setup-kind-demo.sh
index 9ba59c4..cddbeda 100644
--- a/examples/controller-example/setup-kind-demo.sh
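Review bot: The added `crc.List(context.Background(), &crPodList)` call in the `@@ -61,8 +65,26 @@` hunk has no deadline and no namespace option, so the example blocks indefinitely if the spoke API server stops responding and, as written, requests pods from every namespace. Consider bounding it with `ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second)` (this needs the `time` import, and `cancel()` should be called explicitly because `log.Fatalf` exits without running defers). If the demo only needs one namespace, passing `crclient.InNamespace(...)` keeps copies of this example from starting with a cluster-wide read on the spoke token. Separately, the message `"Got error reading credentials providers: %v"` in the `@@ -24,7 +28,7 @@` hunk was left unchanged by the rename to `accessProviders` and presumably should follow it. `main` begins outside these hunks, and the earlier client-go list call is not visible here, so the same timeout point may apply to it.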
+++ b/examples/controller-example/setup-kind-demo.sh @@ -125,7 +125,7 @@ EOF STATUS_PATCH=$(cat <