Comments (4)
morey-tech
commented on July 28, 2024
1
The way you reference is for generating a (short-lived) session token. It's probably preferred to create a dedicated local user in Argo CD and generate an API token for it (which will be long-lived) for uses in automation tool likes kubechecks.
For example:
Create a user named kubechecks in argocd-cm.
apiVersion: v1
kind: ConfigMap
metadata:
name: argocd-cm
namespace: argocd
labels:
app.kubernetes.io/name: argocd-cm
app.kubernetes.io/part-of: argocd
data:
accounts.kubechecks: apiKey
accounts.kubechecks.enabled: "true"Then generate a token for it (log into the CLI with the admin user):
argocd account generate-token --account kubechecks
This may be a good example to include in the docs.
from kubechecks.
bauerjs1
commented on July 28, 2024
1
Oh, so the point I was missing is that there exist session tokens and API tokens, each with their different purposes and lifetimes.
Thank you for the detailed explanation @morey-tech!
from kubechecks.
bauerjs1
commented on July 28, 2024
I see! What is it that makes the difference? The dedicated user, or the token generation via CLI?
from kubechecks.
morey-tech
commented on July 28, 2024
What is it that makes the difference? The dedicated user, or the token generation via CLI?
The API token instead of a session token is the main difference. Instead of creating a session token (using /api/v1/session) it creates a long-lived token (using /api/v1/account/{name}/token).
The use of a dedicated user is more of a best practice.
from kubechecks.
Related Issues (20)
- Change ':heavy_exclamation_mark:' emoji
- Option to disable failing builds during kubechecks failures HOT 1
- Allow option to run kubechecks in namespaced scope instead of clusterscope always
- Add better support for apps in different repositories
- Schema validation always fails for CRDs HOT 11
- Feature request: ArgoCD dry run HOT 1
- ARGOCD_API_INSECURE not being respected HOT 1
- Unable to set location for remote repository HOT 12
- 401 Unauthorized - using private repositories as a git chart dependency (Aws Ecr) HOT 2
- Move from `whilp/git-urls` to `chainguard-dev/git-urls` to address CVE-2023-46402
- Diffing: RPC PermissionDenied HOT 3
- OpenAI likes to add ```, but it screws up the following diff HOT 1
- Links to abandoned repos HOT 1
- `failed to set git email address: exit status 255` HOT 1
- CVE-2024-31989
- Diffs triggered for resources where no change was made
- AppSet diff support HOT 2
- Kubeconform Alternate schema locations HOT 3
- Use `slog` for logging throughout Kubechecks
- Use KubeChecks with GitHub app
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from kubechecks.