Almost a year ago I started working for Pivotal on their Kubernetes distribution, PKS (Pivotal Container Services).

Over that time I’ve helped a number of customers, and one thing that came up a few times was how to easily generate a kubeconfig for LDAP/UAA-backed OIDC authentication. The built-in pks CLI doesn’t do it, and Dex/Gangway doesn’t currently support the large cookies or blank client secrets we use in UAA.

A colleague had built a quick shell script to do this, but it was a bit fragile and didn’t work well on Windows. My customers asked for something like a binary that would work across platforms, have no dependencies and be easy to distribute.

So, over the Holiday break, I learned just enough Go to make that work, and wrote pkstoken.

After sharing it with some colleagues, I worked with Pivotal’s legal team to get this open sourced. So without further ado: PKSToken is live.

There are full descriptions of how to use it in the GitHub README, but it’s pretty simple:

kubectl-pkstoken -api=api.pks.mydomain.com -cluster=ldap.pks.exaforge.com -user=euler -ns=default -kubeconfig=myconfig

Enjoy!