Kubeconfig Plugin for Arcaflow

The Kubeconfig plugin is used to input a kubernetes or openshift kubeconfig file and parse and extract components of the kubeconfig file such as cluster name, user, server url, client certificate, client token etc.

The plugin expects a kubeconfig inputed as a string, as defined in the InputParams dataclass in kubeconfig_plugin.py file. You define your test parameters in a YAML file to be passed to the plugin command as shown in kubeconfig_example.yaml.

To test:

In order to run the kubeconfig plugin run the following steps:

Containerized

1. Clone this repository
2. Create the container with docker build -t arca-kubeconfig -f Dockerfile
3. Run cat kubeconfig_example.yaml | docker run -i arca-kubeconfig -f - to run the plugin

Native

1. Clone this repository
2. Create a venv in the current directory with python3 -m venv $(pwd)/venv
3. Activate the venv by running source venv/bin/activate
4. Run pip install poetry
5. Run poetry install
6. Run ./kubeconfig_plugin.py -f kubeconfig_example.yaml to run the plugin

Image Building

You can change this plugin's image version tag in .github/workflows/carpenter.yaml by editing the IMAGE_TAG variable, and pushing that change to the branch designated in that workflow.

kubeconfig plugin (kubeconfig)

Inputs a kubeconfig, parses it and extracts the kubernetes cluster details

Input

Type:	scope
Root object:	InputParams
Properties	kubeconfig (string) Name: kubeconfig Description: input kubeconfig string Required: Yes Type: string Minimum length: 1
Objects InputParams (object) Type: object Properties kubeconfig (string) Name: kubeconfig Description: input kubeconfig string Required: Yes Type: string Minimum length: 1

Outputs

error

Type:	scope
Root object:	ErrorOutput
Properties	error (string) Name: Failure Error Description: Reason for failure Required: Yes Type: string
Objects ErrorOutput (object) Type: object Properties error (string) Name: Failure Error Description: Reason for failure Required: Yes Type: string

success

Type:	scope
Root object:	SuccessOutput
Properties	connection (reference[Connection]) Name: Kubernetes connection Description: Kubernetes connection confirmation. Required: Yes Type: reference[Connection] Referenced object: Connection
Objects Connection (object) Type: object Properties bearerToken (string) Name: Token Description: Secret token of the user/service account Required: No Type: string cacert (string) Name: CA certificate Description: CA certificate in PEM format Required: No Type: string cert (string) Name: Client certificate Description: Client cert data in PEM format Required: No Type: string host (string) Name: Server Description: Kubernetes API URL Required: Yes Type: string key (string) Name: Client key Description: Client key in PEM format Required: No Type: string password (string) Name: Password Description: Password to authenticate with. Required: No Type: string path (string) Name: API path Description: Kubernetes API path Required: No Type: string serverName (string) Name: TLS server name Description: Server name to verify TLS certificate against. Required: No Type: string username (string) Name: Username Description: Username to authenticate with. Required: No Type: string SuccessOutput (object) Type: object Properties connection (reference[Connection]) Name: Kubernetes connection Description: Kubernetes connection confirmation. Required: Yes Type: reference[Connection] Referenced object: Connection