Comments (4)
The way you reference is for generating a (short-lived) session token. It's probably preferred to create a dedicated local user in Argo CD and generate an API token for it (which will be long-lived) for uses in automation tool likes kubechecks.
For example:
Create a user named kubechecks
in argocd-cm
.
apiVersion: v1
kind: ConfigMap
metadata:
name: argocd-cm
namespace: argocd
labels:
app.kubernetes.io/name: argocd-cm
app.kubernetes.io/part-of: argocd
data:
accounts.kubechecks: apiKey
accounts.kubechecks.enabled: "true"
Then generate a token for it (log into the CLI with the admin user):
argocd account generate-token --account kubechecks
This may be a good example to include in the docs.
from kubechecks.
Oh, so the point I was missing is that there exist session tokens and API tokens, each with their different purposes and lifetimes.
Thank you for the detailed explanation @morey-tech!
from kubechecks.
I see! What is it that makes the difference? The dedicated user, or the token generation via CLI?
from kubechecks.
What is it that makes the difference? The dedicated user, or the token generation via CLI?
The API token instead of a session token is the main difference. Instead of creating a session token (using /api/v1/session
) it creates a long-lived token (using /api/v1/account/{name}/token
).
The use of a dedicated user is more of a best practice.
from kubechecks.
Related Issues (20)
- Change ':heavy_exclamation_mark:' emoji
- Option to disable failing builds during kubechecks failures HOT 1
- Allow option to run kubechecks in namespaced scope instead of clusterscope always
- Add better support for apps in different repositories
- Schema validation always fails for CRDs HOT 11
- Feature request: ArgoCD dry run HOT 1
- ARGOCD_API_INSECURE not being respected HOT 1
- Unable to set location for remote repository HOT 12
- 401 Unauthorized - using private repositories as a git chart dependency (Aws Ecr) HOT 2
- Move from `whilp/git-urls` to `chainguard-dev/git-urls` to address CVE-2023-46402
- Diffing: RPC PermissionDenied HOT 3
- OpenAI likes to add ```, but it screws up the following diff HOT 1
- Links to abandoned repos HOT 1
- `failed to set git email address: exit status 255` HOT 1
- CVE-2024-31989
- Diffs triggered for resources where no change was made
- AppSet diff support HOT 2
- Kubeconform Alternate schema locations HOT 3
- Use `slog` for logging throughout Kubechecks
- Use KubeChecks with GitHub app
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from kubechecks.