Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[kube] Drop usage of ProcessKubeCSR #46779

Merged
merged 3 commits into from
Sep 20, 2024
Merged

[kube] Drop usage of ProcessKubeCSR #46779

merged 3 commits into from
Sep 20, 2024

Conversation

tigrato
Copy link
Contributor

@tigrato tigrato commented Sep 19, 2024

This PR drops the usage of ProcessKubeCSR to ask Auth to sign a certificate on behalf of a user when running tsh request search --kind=pod,.... Previously, we used ProcessKubeCSR to sign a new certificate but given that Kubernetes Access supports impersonation, this PR leverages it.

This also allows reusing the same kubernetes client for multiple calls.

@tigrato tigrato added backport/branch/v14 no-changelog Indicates that a PR does not require a changelog entry backport/branch/v15 backport/branch/v16 labels Sep 19, 2024
@tigrato
[kube] Drop usage of ProcessKubeCSR
83c7007 
This PR drops the usage of `ProcessKubeCSR` to ask Auth to sign a certificate on behalf of a user when running `tsh request search --kind=pod,...`.
Previously, we used `ProcessKubeCSR` to sign a new certificate but given that Kubernetes Access supports impersonation, this PR levarages it.

This also allows reusing the same kubernetes client for multiple calls.
@tigrato
add deprecation notices to ProcessKubeCSR
b03e463
strideynet
strideynet approved these changes Sep 20, 2024
View reviewed changes
Copy link
Contributor

@strideynet strideynet left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🚀 🦸

lib/auth/auth_with_roles.go
@@ -5203,6 +5203,8 @@ func (a *ServerWithRoles) DeleteSemaphore(ctx context.Context, filter types.Sema

// ProcessKubeCSR processes CSR request against Kubernetes CA, returns
// signed certificate if successful.
// DEPRECATED
// TODO(tigrato): DELETE IN 18.0
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

<3

@tigrato tigrato added this pull request to the merge queue Sep 20, 2024
Merged via the queue into master with commit cbbc830 Sep 20, 2024
39 checks passed
@tigrato tigrato deleted the tigrato/drop-kubecsr-usage branch September 20, 2024 10:13
@public-teleport-github-review-bot
Copy link

@tigrato See the table below for backport results.

Branch Result
branch/v14 Failed
branch/v15 Failed
branch/v16 Failed

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@bernardjkim bernardjkim bernardjkim approved these changes

@strideynet strideynet strideynet approved these changes

@rosstimothy rosstimothy rosstimothy approved these changes

Assignees
No one assigned
Labels
backport/branch/v14 backport/branch/v15 backport/branch/v16 no-changelog Indicates that a PR does not require a changelog entry
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@tigrato @bernardjkim @strideynet @rosstimothy