The current dependencies used in the project are not compatible with kubernetes 1.22. The changes in this PR are basically updating those dependencies and vendoring them. A special replacement needed to be done (github.com/rancher/wrangler-api => github.com/dylanhitt/wrangler-api v0.7.0) but it can be removed once https://github.com/rancher/wrangler-api/pull/22 gets merged. This pr fixes #4 and it was tested with Minikube.

I had updated a cluster to version 1.22, and found that klum is not able to find resources anymore (was working up to 1.21)

time="2021-11-12T17:22:54Z" level=info msg="Starting klum controller"
time="2021-11-12T17:22:54Z" level=fatal msg="the server could not find the requested resource"

Is there any roadmap to bring support again for newer kubernetes versions or this project is not anymore into active development?

Use-case

when I create multiple users and save the kubeconfig as documented

kubectl get kubeconfig darren -o json | jq .spec > kubeconfig-darren
kubectl get kubeconfig lalyos -o json | jq .spec > kubeconfig-lalyos

Usually its easier to switch between context, than switching between KUBECONFIGs, so usuallymerge the together as:

export KUBECONFIG=$KUBECONFIG:./kubeconfig-darren:./kubeconfig-lalyos

but if KLUM has a fixed contextName it doesn't work.

Proposed solution

Instead of a fixed string context-name let's make it a golang template. For example:

CONTEXT_NAME=workshop-{{ .UserName }}

with the above KUBECONFIG merge it has distinct contexts:

k config get-contexts 
CURRENT   NAME              CLUSTER           AUTHINFO          NAMESPACE
*         boss              singli            singli            klum
          workshop-darren   workshop-darren   workshop-darren     
          workshop-lalyos   workshop-lalyos   workshop-lalyos

why send the PR

I've seen at dockerhub that the image was updated "4 months ago" and it has 8k pulls, so why not?

Hello,

This project was exactly what I was looking for but I can't get it to work. Basically follow the first few steps and everything is fine.

kubectl apply -f https://raw.githubusercontent.com/ibuildthecloud/klum/master/deploy.yaml

Create the below file.

kind: User
apiVersion: klum.cattle.io/v1alpha1
metadata:
  name: chris

Apply with: kubectl apply -f create_user_chris.yml

Then get the kubeconfig.

kubectl get kubeconfig chris -o json | jq .spec > kubeconfig

Error from server (NotFound): kubeconfigs.klum.cattle.io "chris" not found

When deleting a user, I only get the user object deleted. No other object gets deleted by klum which means the user will still have access to the cluster with the same set of permissions. This I have tested in both EKS and Minikube.

Allows to specify lists of role/clusterRoles per namespaceRole, like

kind: User
apiVersion: klum.cattle.io/v1alpha1
metadata:
  name: iwilltry42
spec:
  clusterRoles:
    - view
  roles:
    - namespace: iwilltry42
      clusterRoles:
        - view
        - edit

Tried to deploy on EKS and fails.

My environment:

$ k version
Client Version: version.Info{Major:"1", Minor:"17", GitVersion:"v1.17.2", GitCommit:"59603c6e503c87169aea6106f57b9f242f64df89", GitTreeState:"clean", BuildDate:"2020-01-23T14:21:36Z", GoVersion:"go1.13.6", Compiler:"gc", Platform:"darwin/amd64"}
Server Version: version.Info{Major:"1", Minor:"14+", GitVersion:"v1.14.9-eks-c0eccc", GitCommit:"c0eccca51d7500bb03b2f163dd8d534ffeb2f7a2", GitTreeState:"clean", BuildDate:"2019-12-22T23:14:11Z", GoVersion:"go1.12.12", Compiler:"gc", Platform:"linux/amd64"}

No pod comes up, due to:

$  kubectl describe rs klum-799bb95cd7
...
   True    FailedCreate
Events:
  Type     Reason        Age               From                   Message
  ----     ------        ----              ----                   -------
  Warning  FailedCreate  2s (x4 over 29s)  replicaset-controller  Error creating: No API token found for service account "klum", retry after the token is automatically created and added to the service account

Great stuff, can't wait to use it. Thanks and KUTGW!