vshn / kube-token-refresher

A simple tool to refresh access tokens and write them to Kubernetes secrets

License: BSD 3-Clause "New" or "Revised" License

Dockerfile 1.09% Makefile 6.76% Go 92.15%
vshn-project-ignore

kube-token-refresher's Introduction

kube-token-refresher

The kube-token-refresher is a tool that periodically fetches access tokens and writes them to Kubernetes secrets. It fetches the access token using the OpenID Connect Client Credentials grant.

This enables systems that expect long-lived access tokens to work with short-lived tokens that expire frequently.

Configuration

The kube-token-refresher can be configured using a YAML file, environment variables, or command line flags.

---
## kube-token-refresher configuration

secret:
  # Name of the secret to write to
  name: ''

  # Namespace of the secret to write to
  namespace: ''

  # The key in the specified secret to write the token to
  key: 'token'

# Interval (in seconds) at which to fetch a new token and update the secret.
# Allow for possible timeouts when refreshing and for the delay before mounted secrets are updated, see
# https://kubernetes.io/docs/concepts/configuration/secret/#mounted-secrets-are-updated-automatically
interval: 500

log:
  # How verbose the logging should be. One of:
  # * debug
  # * info
  # * warn
  level: 'info'

  # What format to log in. One of
  # * text
  # * json
  format: 'text'

# Configures how to connect to the OIDC provider
oidc:
  # The token endpoint of the OpenID Connect provider
  #
  # Usually in the form of: `https://<domain>/token`
  tokenurl: ''

  # The Client ID
  clientid: ''

  # The Client Secret
  clientsecret: ''

The configuration file has to be specified directly with the --config flag.

Environment Variables

All configuration values can be set through environment variables. The configuration key is translated to an environment variable with the prefix KTR_ and the key name in all caps. For nested configuration keys, the levels are separated with _.

# Will set the logLevel to `debug`
export KTR_LOG_LEVEL="debug"

# Will set the OIDC tokenUrl to `https://auth.vshn.net/token`
export KTR_OIDC_TOKENURL="https://auth.vshn.net/token"

Environment variables will take precedence over the configuration file.
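
A Deployment fragment that applies this naming rule, added here as an illustration and not taken from the project; the client secret is read from a Kubernetes Secret via secretKeyRef so it stays out of the manifest and the command line. Only KTR_LOG_LEVEL and KTR_OIDC_TOKENURL appear on this page: the other variable names are derived from the stated rule, and the image, namespace, URL, and object names are placeholders.

```yaml
# Added example, not the project's own manifest. The image reference and the
# names "token-refresher", "demo", "upstream-token" and "oidc-client" are
# placeholders. Variable names follow the KTR_ rule described above.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: token-refresher
  namespace: demo
spec:
  replicas: 1
  selector:
    matchLabels: {app: token-refresher}
  template:
    metadata:
      labels: {app: token-refresher}
    spec:
      serviceAccountName: token-refresher      # placeholder service account
      containers:
        - name: kube-token-refresher
          image: registry.example.com/kube-token-refresher:TAG  # placeholder
          env:
            - name: KTR_SECRET_NAME            # secret.name
              value: upstream-token
            - name: KTR_SECRET_NAMESPACE       # secret.namespace
              valueFrom:
                fieldRef: {fieldPath: metadata.namespace}
            - name: KTR_INTERVAL               # interval, in seconds
              value: "500"
            - name: KTR_OIDC_TOKENURL          # oidc.tokenurl
              value: https://auth.example.com/token
            - name: KTR_OIDC_CLIENTID          # oidc.clientid
              value: my-client
            - name: KTR_OIDC_CLIENTSECRET      # oidc.clientsecret
              valueFrom:
                secretKeyRef:                  # keeps the value out of the pod spec
                  name: oidc-client
                  key: clientsecret
```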

Command Line Flags

All configuration values can also be set through command line flags. The configuration key is directly translated to the flag. Nested configuration keys are separated with a dot (.).

# Will set the logLevel to `warn`
./kube-token-refresher --log.level warn

# Will set the OIDC tokenUrl to `https://auth.vshn.net/token`
./kube-token-refresher --oidc.tokenurl="https://auth.vshn.net/token"

Command line flags will take precedence over both the configuration file and environment variables.

Deploy

To deploy the kube-token-refresher you need OIDC credentials capable of requesting an access token, and Kubernetes credentials to get and update the specified secret. If the kube-token-refresher is expected to create the specified secret, it will also need permission to create secrets.
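
A least-privilege RBAC setup matching the permissions listed above, added here as an example and not shipped by the project. The names "token-refresher", "demo" and "upstream-token" are placeholders, and the verbs are limited to the ones this page names.

```yaml
# Added example, not from the project. All object names are placeholders.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: token-refresher
  namespace: demo
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: token-refresher
  namespace: demo                        # must match secret.namespace
rules:
  # get and update are limited to the single secret named in secret.name
  - apiGroups: [""]
    resources: ["secrets"]
    resourceNames: ["upstream-token"]
    verbs: ["get", "update"]
  # Optional: only needed if the tool is expected to create the secret.
  # RBAC cannot restrict "create" by resourceName, so this rule allows
  # creating any secret in the namespace. Pre-creating the secret and
  # dropping this rule keeps the grant scoped to one object.
  - apiGroups: [""]
    resources: ["secrets"]
    verbs: ["create"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: token-refresher
  namespace: demo
subjects:
  - kind: ServiceAccount
    name: token-refresher
    namespace: demo
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: token-refresher
```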

kube-token-refresher's People

Contributors

glrf, renovate-bot

kube-token-refresher's Issues

Dependency Dashboard

This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.

Rate-Limited

These updates are currently rate-limited. Click on a checkbox below to force their creation now.

  • Update module github.com/knadh/koanf to v2

Detected dependencies

dockerfile
Dockerfile
github-actions
.github/workflows/lint.yml
  • actions/checkout v2
  • actions/setup-go v2
  • actions/cache v2
.github/workflows/release.yml
  • actions/checkout v2
  • actions/setup-go v2
  • actions/cache v2
  • docker/login-action v1
  • mikepenz/release-changelog-builder-action v2
  • goreleaser/goreleaser-action v2
.github/workflows/test.yml
  • actions/checkout v2
  • actions/setup-go v2
  • actions/cache v2
gomod
go.mod
  • go 1.16
  • github.com/knadh/koanf v1.1.1
  • github.com/sirupsen/logrus v1.8.1
  • github.com/spf13/pflag v1.0.5
  • k8s.io/api v0.21.2
  • k8s.io/apimachinery v0.21.2
  • sigs.k8s.io/controller-runtime v0.9.2
