runtime: provide credentials to services (#1817)

* runtime: inject credentials into service * util/auth: self generate accounts (needed for jwt) * runtime/kubernetes: add logging for creds * runtime/kubernetes: serialize secret name * runtime/kubernetes: remove unused code * runtime/kubernetes: base64 encode secret * runtime/kubernetes: remove metadata from secret * util/kubernetes/client: omit empty secret metadata * util/kubernetes/client: fix secret template * util/kubernetes/client: fix secrets * web: update auth util * util/auth: fix missing arg * extend token expiry * extend token expiry
2020-07-10 16:25:46 +01:00
parent 3480e0a64e
commit 09ec20fded
10 changed files with 128 additions and 23 deletions
--- a/runtime/kubernetes/service.go
+++ b/runtime/kubernetes/service.go
@@ -75,6 +75,27 @@ func newService(s *runtime.Service, c runtime.CreateOptions) *service {
 		env = append(env, client.EnvVar{Name: evarPair[0], Value: evarPair[1]})
 	}

+	// if credentials were provided, pass them to the service
+	if len(c.Credentials) > 0 {
+		env = append(env, client.EnvVar{
+			Name: "MICRO_AUTH_ID",
+			ValueFrom: &client.EnvVarSource{
+				SecretKeyRef: &client.SecretKeySelector{
+					Name: c.Credentials, Key: "id",
+				},
+			},
+		})
+
+		env = append(env, client.EnvVar{
+			Name: "MICRO_AUTH_SECRET",
+			ValueFrom: &client.EnvVarSource{
+				SecretKeyRef: &client.SecretKeySelector{
+					Name: c.Credentials, Key: "secret",
+				},
+			},
+		})
+	}
+
 	// if environment has been supplied update deployment default environment
 	if len(env) > 0 {
 		kdeploy.Spec.Template.PodSpec.Containers[0].Env = append(kdeploy.Spec.Template.PodSpec.Containers[0].Env, env...)