Arcade is meant to run as a sidecar to generate authorization tokens to be used as kubectl credentials and make them retrievable through a simple authenticated API.
Arcade supports two authorization token providers:
- Rancher
Using google's Workload Identity, Arcade retrieves the token of the active GCP account.
To reduce the number of calls to google, Arcade caches the token for 1 minute.
Use these variables to configure rancher
RANCHER_ENABLED= # Set to TRUE if rancher is a supported token provider
RANCHER_URL= # Set to the 'login' endpoint of your rancher instance
RANCHER_USERNAME # Set to your rancher username
RANCHER_PASSWORD # Set to your rancher passwordRancher kubeconfig tokens have an expiration time and Arcade will cache the token until it has expired before calling rancher for a new one.
You'll need default credentials set up. Run the following commands to build and generate a token.
go build cmd/arcade/arcade.goexport ARCADE_API_KEY=test
export RANCHER_ENABLED=TRUE
export RANCHER_URL=https://rancher.example.com/v3/activeDirectoryProviders/activedirectory?action=login
export RANCHER_USERNAME=myUsername
export RANCHER_PASSWORD=myPassword
./arcadecurl localhost:1982/tokens?provider=google -H "Api-Key: test"The default token provider is google, so this is equivalent to the call above
curl localhost:1982/tokens -H "Api-Key: test"Rancher
curl localhost:1982/tokens?provider=rancher -H "Api-Key: test"