Repository files navigation

A server that includes:

• A mutating webhook that will patch any newly created pods in your Kubernetes cluster with GCP credentials (whose location is currently hardcoded to /var/lib/minikube/google_application_credentials.json).
• A mutating webhook that will patch any newly created service accounts in your Kubernetes cluster with an image pull secret.
• A thread that monitors namespaces to make sure all namespaces include a image pull secret to be able to pull from GCR and AR.

Setting the environment variableMOCK_GOOGLE_TOKEN totrue will prevent using the google application credentials to fetch the token used for the image pull secret. Instead the token will be mocked.

Use the imagegcr.io/k8s-minikube/gcp-auth-webhook as the image for a Deployment in your Kubernetes manifest and add that to a MutatingWebhookConfiguration. Seeminikube for details.

The easiest way to run the server locally is:

• Modifyminikube's gcp-auth Deployment image to belocal/gcp-auth-webhook:$(VERSION) (replace$(VERSION) with your version)
• Build and run minikube
• Runeval $(path_to_minikube/minikube docker-env) and thenmake local-image to make the image available from within minikube
• Runpath_to_minikube/minikube addons enable gcp-auth to enable the addon, which creates a pod in thegcp-auth namespace with the gcp-auth-webhook server