better examples and tests
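--- a/README.md
+++ b/README.md
@@ -29,6 +29,7 @@ When a pod is created, the webhook:
 
 - Kubernetes 1.20+ (for projected service account tokens)
 - `kubectl` configured to access your cluster
+- Deploy a VKE cluster and do `export KUBECONFIG=~/Downloads/vke-64c243de-eb0b-4084-93ae-6c386bef8978.yaml`
 - OpenSSL (for certificate generation)
 - Go 1.24+ (for building from source)
 
@@ -255,14 +256,3 @@ go build -o webhook main.go
 │ (Get SA) │
 └────────────┘
 ```
-
-## License
-
-MIT
-
-## Contributing
-
-Contributions welcome! Please ensure:
-- Code follows Go best practices
-- Add tests for new functionality
-- Update documentation as needed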
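--- a/example.yaml
+++ b/example.yaml
@@ -0,0 +1,41 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+name: example-app
+namespace: default
+annotations:
+# Replace with actual IAM role ARN
+vultr.com/role-arn: "arn:aws:iam::123456789012:role/example-app-role"
+---
+apiVersion: v1
+kind: Pod
+metadata:
+name: example-app
+namespace: default
+spec:
+serviceAccountName: example-app
+containers:
+- name: aws-cli
+image: amazon/aws-cli:latest
+command:
+- /bin/bash
+- -c
+- |
+echo "Testing IRSA configuration..."
+echo ""
+echo "Environment variables:"
+env | grep AWS
+echo ""
+echo "Token file contents:"
+ls -la /var/run/secrets/vultr.com/serviceaccount/
+echo ""
+echo "Token (first 50 chars):"
+head -c 50 /var/run/secrets/vultr.com/serviceaccount/token
+echo ""
+echo ""
+echo "Attempting to assume role..."
+aws sts get-caller-identity || echo "Failed to get caller identity (expected if IAM role trust is not configured)"
+echo ""
+echo "Sleeping for 1 hour..."
+sleep 3600
+restartPolicy: Never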
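Review bot: The `head -c 50 /var/run/secrets/vultr.com/serviceaccount/token` step in the container command writes part of the projected service account token to the pod log, where anyone with `pods/log` access in the namespace and any log collector can read it. The first bytes of a JWT are normally just the header, but an example that prints credential material is likely to be copied with a larger count; `wc -c < /var/run/secrets/vultr.com/serviceaccount/token` confirms the file is present and non-empty without echoing any of it. `env | grep AWS` would likewise log a static key if one were ever set on the pod, so matching only the variable names the webhook is expected to inject would be safer. `image: amazon/aws-cli:latest` is a mutable tag, so the pod holding the role-assuming token runs whatever was published last; pin a version or digest, e.g. `image: amazon/aws-cli:<pinned-version>`.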
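--- a/test-webhook.yaml
+++ b/test-webhook.yaml
@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+name: test-irsa
+namespace: default
+annotations:
+vultr.com/role-arn: "arn:aws:iam::123456789012:role/test-role"
+---
+apiVersion: v1
+kind: Pod
+metadata:
+name: test-pod
+namespace: default
+spec:
+serviceAccountName: test-irsa
+containers:
+- name: busybox
+image: busybox
+command: ["sh", "-c", "env | grep AWS && ls -la /var/run/secrets/vultr.com/serviceaccount/ && sleep 3600"]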
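Review bot: The busybox `command` only prints whatever the webhook injected and never asserts it, so the outcome rests on the exit status of `grep` alone, and because no `restartPolicy` is set the default `Always` turns a missed injection into a restart loop instead of one clearly failed pod. Setting `restartPolicy: Never` and checking the expected result explicitly, for example `test -s /var/run/secrets/vultr.com/serviceaccount/token` (the token path that example.yaml reads), would make a failed mutation unambiguous. `image: busybox` carries no tag and therefore resolves to `latest`; pinning a version keeps the test reproducible.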