github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Switch Phabricator to use service accounts.

Browse Source
This commit is contained in:
Brendan Burns
2015-05-18 16:25:00 -07:00
parent d7834f5033
commit 63c115f068
3 changed files with 9 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
examples/phabricator/cloudsql-authenticator/run.sh
View File

@@ -18,10 +18,13 @@
# should only send updates if something changes. We should be able to do
# this by comparing pod creation time with the last scan time.
while true; do
hostport="${KUBERNETES_RO_SERVICE_HOST}:${KUBERNETES_RO_SERVICE_PORT}"
path="api/v1beta1/pods"
hostport="https://kubernetes.default.cluster.local"
token=$(cat /var/run/secrets/kubernetes.io/serviceaccount/token)
path="api/v1beta3/pods"
query="labels=$SELECTOR"
ips_json=`curl ${hostport}/${path}?${query} 2>/dev/null | grep hostIP`
# TODO: load in the CAS cert when we distributed it on all platforms.
ips_json=`curl ${hostport}/${path}?${query} --insecure --header "Authorization: Bearer ${token}" 2>/dev/null | grep hostIP`
ips=`echo $ips_json | cut -d'"' -f 4 | sed 's/,$//'`
echo "Adding IPs $ips"
gcloud sql instances patch $CLOUDSQL_DB --authorized-networks $ips