Add support for CredentialsBindings · Issue #521 · gardener/gardenctl-v2 · GitHub

Add support for CredentialsBindings #521


Closed
Tracked by #9586
etiennnr opened this issue Feb 19, 2025 · 2 comments
Labels
component/gardenctl Gardener CLI kind/enhancement Enhancement, improvement, extension status/closed Issue is closed (either delivered or triaged)

Comments

@etiennnr
Contributor

What would you like to be added:
Right now, when using provider-env to log in to the Cloud provider CLI, gardenctl fetches the credentials based on the shoot's secretBindingName:

```go
if (shoot.Spec.SecretBindingName == nil || *shoot.Spec.SecretBindingName == "") &&
	(shoot.Spec.CredentialsBindingName == nil || *shoot.Spec.CredentialsBindingName == "") {
	return fmt.Errorf("shoot %q is not bound to a cloud provider credential", o.Target.ShootName())
}

var (
	secretName      string
	secretNamespace string
)

if shoot.Spec.SecretBindingName != nil && *shoot.Spec.SecretBindingName != "" {
	secretBinding, err := client.GetSecretBinding(ctx, shoot.Namespace, *shoot.Spec.SecretBindingName)
	if err != nil {
		return err
	}

	secretName = secretBinding.SecretRef.Name
	secretNamespace = secretBinding.SecretRef.Namespace
```

However, with GEP-26, a new way of authenticating using CredentialsBindings has been added. The end goal of CredentialsBindings is to enable trust-based authentication (which would probably break the provider-env feature anyway); however, it also supports secret referencing (similar to the way secretBindings work, but the format is a bit different, see https://github.com/gardener/gardener/blob/master/example/80-credentialsbinding.yaml).

Why is this needed:

Support the case where we are using a CredentialsBinding that is still referencing a secret, i.e. do not break the feature.
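The resolution order discussed in this issue, as an added example that is not part of the original post and is not gardenctl's code: it resolves a shoot's credentials to a Secret reference and refuses a CredentialsBinding whose reference is not a Secret. The `ObjectRef`, `Shoot` and `Lookup` types are simplified, hypothetical stand-ins for the Gardener API types and client, and the field layout of the reference is an assumption.

```go
package main

import (
	"errors"
	"fmt"
)

// Simplified stand-ins for the Gardener API types (assumption: only the
// fields needed here; these are not the real gardener/gardener structs).
type ObjectRef struct{ APIVersion, Kind, Name, Namespace string }

type Shoot struct {
	Namespace              string
	SecretBindingName      *string
	CredentialsBindingName *string
}

// Lookup is a hypothetical accessor returning the reference held by a binding.
type Lookup func(namespace, name string) (ObjectRef, error)

var ErrNotSecret = errors.New("credentials binding does not reference a Secret")

// ResolveSecretRef returns the Secret holding a shoot's credentials. It tries
// the SecretBinding first (same order as the quoted snippet), then the
// CredentialsBinding, which is only usable when it points at a core/v1 Secret.
func ResolveSecretRef(s Shoot, secretBinding, credentialsBinding Lookup) (ObjectRef, error) {
	if s.SecretBindingName != nil && *s.SecretBindingName != "" {
		return secretBinding(s.Namespace, *s.SecretBindingName)
	}
	if s.CredentialsBindingName == nil || *s.CredentialsBindingName == "" {
		return ObjectRef{}, errors.New("shoot is not bound to a cloud provider credential")
	}
	ref, err := credentialsBinding(s.Namespace, *s.CredentialsBindingName)
	if err != nil {
		return ObjectRef{}, err
	}
	// Other kinds (e.g. a workload identity) carry no static secret to export.
	if ref.APIVersion != "v1" || ref.Kind != "Secret" {
		return ObjectRef{}, fmt.Errorf("%w: got %s/%s", ErrNotSecret, ref.APIVersion, ref.Kind)
	}
	return ref, nil
}

func main() {
	name := "my-provider-account" // constructed sample values
	cb := func(ns, n string) (ObjectRef, error) { return ObjectRef{"v1", "Secret", n, ns}, nil }
	ref, err := ResolveSecretRef(Shoot{Namespace: "garden-dev", CredentialsBindingName: &name}, nil, cb)
	fmt.Println(ref, err)
}
```

Failing closed on a non-Secret reference keeps the tool from reading an unrelated object as if it held cloud credentials.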

@dimityrmirchev
Member

@etiennnr Isn't this already implemented with #464?

What I know is missing is support for workload identity which is tracked in #406

@etiennnr
Contributor Author

Ahh yes, my bad. I just didn't have the up-to-date version on my computer...

Thanks

/close

@gardener-robot gardener-robot added the status/closed Issue is closed (either delivered or triaged) label Feb 28, 2025