Comments (4)
Hi, thank you for the recommendation. We have considered using this approach. I have decided to use an alpine/openssl init container to generate the JWT token that will be used by the alpine/k8s container to request the installation token and then save the token into a Kubernetes secret. Both can be done in a single Kubernetes cronjob since the JWT token has a shorter expiry period than the installation token.
from k8s.
Could you show me the cronjob command you run with?
from k8s.
Our current use-case is different from the example I mentioned. We are currently using the following function, based on GitHub's example, as part of our script to generate a JWT token in order to request GitHub App installation tokens for one of our deployments:
```bash
# Requires bash: the signing step uses process substitution.
function generate_jwt() {
    local app_id
    local pem
    local jwt
    local now iat exp header_json header payload_json payload header_payload signature

    app_id=$1 # App ID as first argument
    pem=$2    # PEM private key contents as second argument (the value itself is signed with, not read as a path)

    now=$(date +%s)
    iat=$((now - 60))  # Issued 60 seconds in the past
    exp=$((now + 600)) # Expires 10 minutes in the future

    # base64url without padding or line breaks
    b64enc() { openssl base64 | tr -d '=' | tr '/+' '_-' | tr -d '\n'; }

    header_json='{
        "typ":"JWT",
        "alg":"RS256"
    }'
    # Header encode
    header=$( echo -n "${header_json}" | b64enc )

    payload_json='{
        "iat":'"${iat}"',
        "exp":'"${exp}"',
        "iss":'"${app_id}"'
    }'
    # Payload encode
    payload=$( echo -n "${payload_json}" | b64enc )

    # Signature
    header_payload="${header}"."${payload}"
    signature=$(
        openssl dgst -sha256 -sign <(echo -n "${pem}") \
        <(echo -n "${header_payload}") | b64enc
    )

    # Create JWT
    jwt="${header_payload}"."${signature}"
    echo -n "${jwt}"
}
```
The acquired GitHub App installation token is then added to a secret in the cluster using kubectl.
I haven't found a way to do this yet without openssl but am open to suggestions.
from k8s.
So we need to split it.
- job 1, get the JWT; you can do it in another docker, in which you can install openssl along with git and other tools. These tools are more generic than k8s.
- job 2, feed the JWT to docker alpine/k8s

Will this be fine for you?
from k8s.
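A pre-flight check that job 1 could run on its JWT before handing it to job 2, as an added example that is not part of the thread. It goes beyond the posted function by verifying rather than generating. It assumes POSIX sh with the openssl CLI and a public key exported from the App key with `openssl rsa -pubout`; all function names are hypothetical, and `make_sample_jwt` only builds constructed test input from a throwaway key.

```shell
# Added example, not code from the thread. Helper names are hypothetical.
# Exit codes: 0 ok, 1 malformed, 2 wrong alg, 3 bad iat/exp, 4 bad signature.
b64url_dec() {  # stdin: unpadded base64url -> decoded bytes on stdout
  s=$(tr '_-' '/+')
  case $(( ${#s} % 4 )) in 2) s="$s==" ;; 3) s="$s=" ;; esac
  printf '%s' "$s" | openssl base64 -d -A
}

claim() {  # claim <json> <name>: print the value of a numeric claim
  printf '%s' "$1" | tr -d ' \n' | sed -n "s/.*\"$2\":\([0-9][0-9]*\).*/\1/p"
}

verify_app_jwt() {  # verify_app_jwt <jwt> <public-key.pem>
  jwt=$1 pub=$2
  case $jwt in *.*.*.*) return 1 ;; *.*.*) ;; *) return 1 ;; esac
  h=${jwt%%.*}; rest=${jwt#*.}; p=${rest%%.*}; sig=${rest#*.}
  header=$(printf '%s' "$h" | b64url_dec) || return 1
  payload=$(printf '%s' "$p" | b64url_dec) || return 1
  # Pin the algorithm instead of trusting whatever the header claims.
  printf '%s' "$header" | tr -d ' \n' | grep -q '"alg":"RS256"' || return 2
  iat=$(claim "$payload" iat); exp=$(claim "$payload" exp); now=$(date +%s)
  [ -n "$iat" ] && [ -n "$exp" ] || return 3
  [ "$iat" -le "$now" ] || return 3         # issued in the future
  [ "$exp" -gt "$now" ] || return 3         # already expired
  [ $((exp - now)) -le 600 ] || return 3    # more than 10 minutes of lifetime left
  tmp=$(mktemp -d) || return 1
  rc=0
  printf '%s' "$sig" | b64url_dec > "$tmp/sig" || rc=4
  printf '%s.%s' "$h" "$p" > "$tmp/msg"
  openssl dgst -sha256 -verify "$pub" -signature "$tmp/sig" "$tmp/msg" >/dev/null 2>&1 || rc=4
  rm -rf "$tmp"
  return "$rc"
}

make_sample_jwt() {  # constructed test input: make_sample_jwt <dir> <lifetime-s> <alg>
  openssl genrsa -out "$1/key.pem" 2048 2>/dev/null
  openssl rsa -in "$1/key.pem" -pubout -out "$1/pub.pem" 2>/dev/null
  enc() { openssl base64 -A | tr -d '=\n' | tr '/+' '_-'; }
  t=$(date +%s)
  hp=$(printf '{"typ":"JWT","alg":"%s"}' "$3" | enc).$(printf '{"iat":%s,"exp":%s,"iss":12345}' "$((t - 60))" "$((t + $2))" | enc)
  printf '%s' "$hp" > "$1/msg"   # sign exactly the bytes that will be verified
  printf '%s.%s' "$hp" "$(openssl dgst -sha256 -sign "$1/key.pem" "$1/msg" | enc)"
}
```

Usage: `verify_app_jwt "$(generate_jwt ...)" pub.pem || exit 1` before the token leaves job 1.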