Over that time I’ve helped a number of customers, and one thing that came up a few times was how to easily generate a kubeconfig for LDAP/UAA-backed OIDC authentication. The built-in pks CLI doesn’t do it, and Dex/Gangway doesn’t currently support the large cookies or blank client secrets we use in UAA.
A colleague had built a quick shell script to do this, but it was a bit fragile and didn’t work well on Windows. My customers asked for something like a binary that would work across platforms, have no dependencies and be easy to distribute.
So, over the Holiday break, I learned just enough Go to make that work, and wrote
After sharing it with some colleagues, I worked with Pivotal’s legal team to get this open sourced. So without further ado: PKSToken is live.
There are full descriptions of how to use it in the GitHub README, but it’s pretty simple:
kubectl-pkstoken -api=api.pks.mydomain.com -cluster=ldap.pks.exaforge.com -user=euler -ns=default -kubeconfig=myconfig