Andrew Keesler
fdd8ef5835
internal/concierge/impersonator: handle custom login API group
...
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2021-02-16 07:55:09 -05:00
Andrew Keesler
6512ab1351
internal/concierge/impersonator: don't care about namespace
...
Concierge APIs are no longer namespaced (see f015ad5852
2021-02-15 17:11:59 -05:00
Ryan Richard
5cd60fa5f9
Move starting/stopping impersonation proxy server to a new controller
...
- Watch a configmap to read the configuration of the impersonation
proxy and reconcile it.
- Implements "auto" mode by querying the API for control plane nodes.
- WIP: does not create a load balancer or proper TLS certificates yet.
Those will come in future commits.
Signed-off-by: Margo Crawford <margaretc@vmware.com>
2021-02-11 17:25:52 -08:00
Andrew Keesler
9b87906a30
Merge remote-tracking branch 'upstream/main' into impersonation-proxy
...
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2021-02-11 11:03:33 -05:00
Ryan Richard
268ca5b7f6
Add config structs in impersonator package
...
Signed-off-by: Margo Crawford <margaretc@vmware.com>
2021-02-09 13:44:19 -08:00
Andrew Keesler
8697488126
internal/concierge/impersonator: use kubeconfig from kubeclient
...
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2021-02-09 15:28:56 -05:00
Andrew Keesler
812f5084a1
internal/concierge/impersonator: don't mutate ServeHTTP() req
...
I added that test helper to create an http.Request since I wanted to properly
initialize the http.Request's context.
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2021-02-09 13:25:32 -05:00
Matt Moyer
64aff7b983
Only log user ID, not user name/groups.
...
Signed-off-by: Margo Crawford <margaretc@vmware.com>
2021-02-03 09:31:30 -08:00
Margo Crawford
b6abb022f6
Add initial implementation of impersonation proxy.
...
Signed-off-by: Margo Crawford <margaretc@vmware.com>
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2021-02-03 09:31:13 -08:00
