feat(web): support k8s multi-cluster authentication with exec provider

tsuru · Jun 1, 2023 · 8a8cb7a · 8a8cb7a
1 parent e2a20ac
commit 8a8cb7a
Show file tree

Hide file tree

Showing 4 changed files with 16 additions and 8 deletions.
diff --git a/Dockerfile.api b/Dockerfile.api
@@ -1,13 +1,17 @@
 FROM golang:1.20-alpine3.18 AS builder
 COPY . /go/src/github.com/tsuru/rpaas-operator
 WORKDIR /go/src/github.com/tsuru/rpaas-operator
-RUN apk add --update gcc git make musl-dev && \
-    make build/api
+RUN set -x \
+    && apk add --update gcc git make musl-dev \
+    && make build/api
 
-FROM alpine:3.18
+FROM google/cloud-sdk:alpine
+RUN set -x \
+    && gcloud --version \
+    && gcloud --quiet components install gke-gcloud-auth-plugin \
+    && gke-gcloud-auth-plugin --version \
+    && apk add --update --no-cache ca-certificates \
+    && update-ca-certificates
 COPY --from=builder /go/src/github.com/tsuru/rpaas-operator/bin/api /bin/rpaas-api
-RUN apk update && \
-    apk add --no-cache ca-certificates && \
-    rm /var/cache/apk/*
 EXPOSE 9999
 CMD ["/bin/rpaas-api"]
diff --git a/internal/config/config.go b/internal/config/config.go
@@ -65,6 +65,7 @@ type ClusterConfig struct {
 	CA        string `json:"ca"`
 
 	AuthProvider *clientcmdapi.AuthProviderConfig `json:"authProvider"`
+	ExecProvider *clientcmdapi.ExecConfig         `json:"execProvider"`
 }
 
 var rpaasConfig struct {

diff --git a/main.go b/main.go
@@ -12,7 +12,6 @@ import (
 	"text/template"
 	"time"
 
-	_ "k8s.io/client-go/plugin/pkg/client/auth/gcp"
 	ctrl "sigs.k8s.io/controller-runtime"
 	"sigs.k8s.io/controller-runtime/pkg/log/zap"
 

diff --git a/pkg/web/target/multi-cluster.go b/pkg/web/target/multi-cluster.go
@@ -13,7 +13,6 @@ import (
 	"github.com/tsuru/rpaas-operator/internal/pkg/rpaas"
 	"github.com/tsuru/rpaas-operator/pkg/observability"
 	extensionsruntime "github.com/tsuru/rpaas-operator/pkg/runtime"
-	_ "k8s.io/client-go/plugin/pkg/client/auth/gcp"
 	"k8s.io/client-go/rest"
 	sigsk8sclient "sigs.k8s.io/controller-runtime/pkg/client"
 )
@@ -90,6 +89,7 @@ func (m *multiClusterFactory) Manager(ctx context.Context, headers http.Header)
 	if err != nil {
 		return nil, err
 	}
+
 	k8sClient, err := sigsk8sclient.New(kubernetesRestConfig, sigsk8sclient.Options{Scheme: extensionsruntime.NewScheme()})
 	if err != nil {
 		return nil, err
@@ -138,6 +138,10 @@ func (m *multiClusterFactory) getKubeConfig(name, address string) (*rest.Config,
 		restConfig.AuthProvider = selectedCluster.AuthProvider
 	}
 
+	if selectedCluster.ExecProvider != nil {
+		restConfig.ExecProvider = selectedCluster.ExecProvider
+	}
+
 	if selectedCluster.CA != "" {
 		caData, err := base64.StdEncoding.DecodeString(selectedCluster.CA)
 		if err != nil {