cluster/gce/gci/credential-provider: add a README
Signed-off-by: Andrew Sy Kim <andrewsy@google.com> Co-authored-by: Aditi Sharma <adi.sky17@gmail.com>
This commit is contained in:
Andrew Sy Kim
35
cluster/gce/gci/credential-provider/README.md
Normal file
35
cluster/gce/gci/credential-provider/README.md
Normal file
@@ -0,0 +1,35 @@
|
|||||||
|
# GCP credential provider for e2e testing
|
||||||
|
|
||||||
|
This package contains a barebones implementation of the [kubelet GCP credential
|
||||||
|
provider](https://github.com/kubernetes/cloud-provider-gcp/tree/master/cmd/auth-provider-gcp)
|
||||||
|
for testing purposes only. This plugin SHOULD NOT be used in production.
|
||||||
|
|
||||||
|
This credential provider is installed and configured in the node e2e tests by:
|
||||||
|
|
||||||
|
1. Building the credential-provider binary and including it in the test archive
|
||||||
|
uploaded to the GCE remote node.
|
||||||
|
|
||||||
|
2. Writing the credential provider config into the temporary workspace consumed
|
||||||
|
by the kubelet. The contents of the config should be something like this:
|
||||||
|
|
||||||
|
```yaml
|
||||||
|
kind: CredentialProviderConfig
|
||||||
|
apiVersion: kubelet.config.k8s.io/v1alpha1
|
||||||
|
providers:
|
||||||
|
- name: credential-provider
|
||||||
|
apiVersion: credentialprovider.kubelet.k8s.io/v1alpha1
|
||||||
|
matchImages:
|
||||||
|
- "gcr.io"
|
||||||
|
- "*.gcr.io"
|
||||||
|
- "container.cloud.google.com"
|
||||||
|
- "*.pkg.dev"
|
||||||
|
defaultCacheDuration: 1m`
|
||||||
|
```
|
||||||
|
|
||||||
|
3. Configuring the following additional flags on the kubelet:
|
||||||
|
|
||||||
|
```
|
||||||
|
--feature-gates=DisableKubeletCloudCredentialProviders=true,KubeletCredentialProviders=true
|
||||||
|
--image-credential-provider-config=/tmp/node-e2e-123456/credential-provider.yaml
|
||||||
|
--image-credential-provider-bin-dir=/tmp/node-e2e-12345
|
||||||
|
```
|
||||||
Reference in New Issue
Block a user