-
-
Notifications
You must be signed in to change notification settings - Fork 255
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Consider adding Tokenrequest #84
Comments
First of all, thanks for your effort creating this issue. I don't see this within the scope of the hobby-kube project at this point and adding this will certainly make things more complicated. However, if the changes make sense for a broader audience I'd consider adding this. Are you aware of any other project or reason for enabling this API? |
(Hi, sorry, I did miss the notification) First notice that my example with istio is only here as an example. The goal is not for this project to support istio or whatever but to implement. (as english is not my mother language, i wasn't sure it was clear in the first post). What is
|
Problem it solves
Probably "Wishlist priority"
When Installing latest istio (1.6.0) at the time of writing, I did see the warning:
What it is
See https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#service-account-token-volume-projection
What to modify on kubelet
See https://jpweber.io/blog/a-look-at-tokenrequest-api/
I think that some certificate must be created and shared, then a few options must be added to kubelet command.
Next steps
Is it interesting for hobby-kube ?
If yes, I may find some times trying this on my own cluster soon and if so I will open a PR to both Guide and provisioning.
If not, feel free to close this issue.
The text was updated successfully, but these errors were encountered: