-
Notifications
You must be signed in to change notification settings - Fork 1.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Long lived kubeconfig for trusted clusters? #4405
Comments
@cnelson it's not possible right now, but I agree that we should support this. Our roadmap for 4.4/5.0/5.1 is pretty loaded right now, we can't work on this in the near future. |
I guess the biggest issue is for leaf clusters that don't have an endpoint exposed to the world. We'd need to expose some logic for setting |
@awly thanks for letting me know I wasn't missing something stupid here :) @webvictim Yes this is exactly my use case here -- the leaf cluster is only accessible via the main cluster. |
@awly Obviously this would need tests, docs, etc. But if I were to submit a PR to add this feature, is this generally the right approach? |
@cnelson yep, that looks roughly correct. |
Is it possible to use
tctl auth sign --format kubernetes
on a "main cluster" to generate a kubeconfig for a "trusted / leaf / remote cluster" that's connected to the main clustertctl
is being run on?#2985 mentions trusted clusters, but the feature added in #2825 doesn't mention how to generate a long-lived kubeconfig for a leaf cluster.
The text was updated successfully, but these errors were encountered: