Merge pull request #4 from spiffe/format
Tested with kubelet and works now
kfox1111 authored Oct 11, 2024
2 parents cd09084 + 3c72212 commit 90aba3a
Showing 2 changed files with 17 additions and 17 deletions.
7 changes: 5 additions & 2 deletions README.md
Expand Up @@ -36,8 +36,11 @@ Remove the "user" block from the "users" section and replace it with:
exec:
apiVersion: "client.authentication.k8s.io/v1"
command: "k8s-spiffe-workload-jwt-exec-auth"
interactiveMode: Never
# To customize, uncomment and change the settings below
#env:
# SPIFFE_ENDPOINT_SOCKET: "unix:///tmp/spire-agent/public/api.sock"
# SPIFFE_JWT_AUDIENCE: "k8s"
# - name: SPIFFE_ENDPOINT_SOCKET
# value: "unix:///var/run/spire/agent/sockets/main/public/api.sock"
# - name: SPIFFE_JWT_AUDIENCE
# value: "k8s-one"
```
27 changes: 12 additions & 15 deletions main.go
Expand Up @@ -3,23 +3,17 @@ package main
import (
"context"
"os"
"fmt"
"log"
"time"

"github.com/spiffe/go-spiffe/v2/svid/jwtsvid"
"github.com/spiffe/go-spiffe/v2/workloadapi"

metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"

"k8s.io/client-go/pkg/apis/clientauthentication"
"k8s.io/cli-runtime/pkg/printers"
)

func main() {
cred := &clientauthentication.ExecCredential{
Status: &clientauthentication.ExecCredentialStatus {},
}

socketPath, ok := os.LookupEnv("SPIFFE_ENDPOINT_SOCKET")
if !ok {
socketPath = "unix:///tmp/spire-agent/public/api.sock"
Expand All @@ -30,8 +24,6 @@ func main() {
audience = "k8s"
}

cred.APIVersion = "client.authentication.k8s.io/v1"
cred.Kind = "ExecCredentials"
ctx := context.Background()

jwtSource, err := workloadapi.NewJWTSource(
Expand All @@ -50,10 +42,15 @@ func main() {
}

d := svid.Expiry.Sub(time.Now()) / 2
expiry := metav1.NewTime(svid.Expiry.Add(d))
cred.Status.ExpirationTimestamp = &expiry
cred.Status.Token = svid.Marshal()

y := printers.YAMLPrinter{}
y.PrintObj(cred, os.Stdout)
expiry, err := metav1.NewTime(svid.Expiry.Add(d)).MarshalJSON()
if err != nil {
log.Fatal(err)
}
fmt.Print("apiVersion: client.authentication.k8s.io/v1\n")
fmt.Print("kind: ExecCredential\n")
fmt.Print("spec:\n")
fmt.Print(" interactive: false\n")
fmt.Print("status:\n")
fmt.Printf(" expirationTimestamp: %s\n", string(expiry))
fmt.Printf(" token: %s\n", svid.Marshal())
}
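Review bot: The `expirationTimestamp` printed in the last hunk is built from `svid.Expiry.Add(d)`, where `d` is half of the SVID's remaining lifetime, so the advertised expiry falls after the JWT-SVID's real expiry instead of before it. A client that caches the exec credential until that timestamp would keep presenting a token that has already expired, and would presumably only recover once the API server rejects it. If the intent was to force a refresh at half-life, the line should read `expiry, err := metav1.NewTime(svid.Expiry.Add(-d)).MarshalJSON()`. Parts of main between the hunks are collapsed, so how `svid` is fetched and validated is not visible here.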
