Skip to content

Commit

Permalink
update generate token (#583)
Browse files Browse the repository at this point in the history
  • Loading branch information
atye authored and rajkumar-palani committed May 23, 2023
1 parent 711de5b commit 7db4cb8
Show file tree
Hide file tree
Showing 2 changed files with 13 additions and 11 deletions.
12 changes: 6 additions & 6 deletions content/docs/authorization/cli.md
Original file line number Diff line number Diff line change
Expand Up @@ -185,23 +185,23 @@ karavictl generate token [flags]
##### Output

```
$ karavictl generate token --shared-secret supersecret
$ karavictl generate token --tenant Alice
apiVersion: v1
data:
access: <ACCESS-TOKEN>
refresh: <REFRESH-TOKEN>
kind: Secret
metadata:
creationTimestamp: null
name: proxy-authz-tokens
namespace: vxflexos
type: Opaque
data:
access: <ACCESS-TOKEN>
refresh: <REFRESH-TOKEN>
```


Usually, you will want to pipe the output to kubectl to apply the secret
```
$ karavictl generate token --shared-secret supersecret | kubectl apply -f -
$ karavictl generate token --tenant Alice | kubectl apply -f -
```


Expand Down
12 changes: 7 additions & 5 deletions content/docs/authorization/configuration/proxy-server/_index.md
Original file line number Diff line number Diff line change
Expand Up @@ -105,23 +105,25 @@ After creating the role bindings, the next logical step is to generate the acces

```yaml
# RPM Deployment
karavictl generate token --tenant Finance --insecure --addr DNS-hostname | sed -e 's/"Token": //' -e 's/[{}"]//g' -e 's/\\n/\n/g' > token.yaml
karavictl generate token --tenant Finance --insecure --addr DNS-hostname > token.yaml

# Helm/Operator Deployment
karavictl generate token --tenant Finance --insecure --addr csm-authorization.com:<ingress-controller-port> | sed -e 's/"Token": //' -e 's/[{}"]//g' -e 's/\\n/\n/g' > token.yaml
karavictl generate token --tenant Finance --insecure --addr csm-authorization.com:<ingress-controller-port> > token.yaml
```

`token.yaml` will have a Kubernetes secret manifest that looks like this:

```
apiVersion: v1
data:
access: ZXlKaGJHY2lPaUpJVXpJMU5pSXNJblI1Y0NJNklrcFhWQ0o5LmV5SmhkV1FpT2lKamMyMGlMQ0psZUhBaU9qRTJPREl3TVRBeU5UTXNJbWR5YjNWd0lqb2labTl2SWl3aWFYTnpJam9pWTI5dExtUmxiR3d1WTNOdElpd2ljbTlzWlhNaU9pSmlZWElpTENKemRXSWlPaUpqYzIwdGRHVnVZVzUwSW4wLjlSYkJISzJUS2dZbVdDX0paazBoSXV0N0daSDV4NGVjQVk2ekdaUDNvUWs=
refresh: ZXlKaGJHY2lPaUpJVXpJMU5pSXNJblI1Y0NJNklrcFhWQ0o5LmV5SmhkV1FpT2lKamMyMGlMQ0psZUhBaU9qRTJPRFEyTURJeE9UTXNJbWR5YjNWd0lqb2labTl2SWl3aWFYTnpJam9pWTI5dExtUmxiR3d1WTNOdElpd2ljbTlzWlhNaU9pSmlZWElpTENKemRXSWlPaUpqYzIwdGRHVnVZVzUwSW4wLkxQcDQzbXktSVJudTFjdmZRcko4M0pMdTR2NXlWQlRDV2NjWFpfWjROQkU=
kind: Secret
metadata:
creationTimestamp: null
name: proxy-authz-tokens
type: Opaque
data:
access: ZXlKaGJHY2lPaUpJVXpJMU5pSXNJblI1Y0NJNklrcFhWQ0o5LmV5SmhkV1FpT2lKcllYSmhkbWtpTENKbGVIQWlPakUyTlRNek1qUTFOekVzSW1keWIzVndJam9pWm05dklpd2lhWE56SWpvaVkyOXRMbVJsYkd3dWEyRnlZWFpwSWl3aWNtOXNaWE1pT2lKaVlYSWlMQ0p6ZFdJaU9pSnJZWEpoZG1rdGRHVnVZVzUwSW4wLk4tNE42Q1pPbUptcVQtRDF5ZkNGdEZqSmRDRjcxNlh1SXlNVFVyckNOS1U=
refresh: ZXlKaGJHY2lPaUpJVXpJMU5pSXNJblI1Y0NJNklrcFhWQ0o5LmV5SmhkV1FpT2lKcllYSmhkbWtpTENKbGVIQWlPakUyTlRVNU1UWTFNVEVzSW1keWIzVndJam9pWm05dklpd2lhWE56SWpvaVkyOXRMbVJsYkd3dWEyRnlZWFpwSWl3aWNtOXNaWE1pT2lKaVlYSWlMQ0p6ZFdJaU9pSnJZWEpoZG1rdGRHVnVZVzUwSW4wLkVxb3lXNld5ZEFLdU9mSmtkMkZaMk9TVThZMzlKUFc0YmhfNHc5R05ZNmM=
```

This secret must be applied in the driver namespace.
Expand Down

0 comments on commit 7db4cb8

Please sign in to comment.