This repository has been archived by the owner on Jul 24, 2018. It is now read-only.

considerations for other deployment types (bootkube) #167

v1k0d3n opened this issue Oct 10, 2017 · 1 comment

v1k0d3n commented Oct 10, 2017

Is this a bug report or feature request? (choose one):

Python Version (output of python --version): N/A

Development or Deployment Environment?: N/A

Release Tag or Master: master

Expected Behavior: armada would work as documented

What Actually Happened: armada fails because of unmounted client certificates

How to Reproduce the Issue (as minimally as possible): use the following repo, and then test with armada: https://github.com/v1k0d3n/bootkube-ci

Any Additional Comments:
background: in cases where user-created certificates are issued/used and called by kubeconfig (typically in /home/${USER}/.kube/config), Armada is not currently mounting these certificates/keys as required.

sample:

```yaml
apiVersion: v1
clusters:
- cluster:
    certificate-authority: /home/ubuntu/.bootkube/tls/ca.crt
    server: https://45.58.41.236:8443
  name: local
contexts:
- context:
    cluster: local
    user: kubelet
  name: default
current-context: default
kind: Config
preferences: {}
users:
- name: kubelet
  user:
    client-certificate: /home/ubuntu/.bootkube/tls/kubelet.crt
    client-key: /home/ubuntu/.bootkube/tls/kubelet.key
```

This creates a problem, as Armada would fail in cases that use certs/keys for users.
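
A pre-flight check for the condition reported above, as an added example that is not part of the original issue or of Armada's code: it scans a kubeconfig for credentials referenced by file path (the `-data` inline variants are skipped) and reports which files are absent from a given filesystem root and which directories would have to be mounted. The function names, the line-based scan in place of a YAML parser, and the sample (including its server address) are constructed for illustration; relative paths are assumed to resolve against the kubeconfig's directory.

```python
import os
import re

# kubeconfig keys whose value is a file path rather than inline base64 data
PATH_KEYS = ("certificate-authority", "client-certificate", "client-key")
_REF = re.compile(r"^\s*(?:-\s+)?(%s):\s*(\S.*?)\s*$" % "|".join(PATH_KEYS))

# Constructed sample mirroring the layout of the kubeconfig in the issue
SAMPLE = """\
apiVersion: v1
clusters:
- cluster:
    certificate-authority: /home/ubuntu/.bootkube/tls/ca.crt
    server: https://203.0.113.10:8443
  name: local
users:
- name: kubelet
  user:
    client-certificate: /home/ubuntu/.bootkube/tls/kubelet.crt
    client-key: /home/ubuntu/.bootkube/tls/kubelet.key
"""


def external_refs(kubeconfig_text, base_dir="/"):
    """Return [(key, absolute_path)] for every file-path credential reference."""
    refs = []
    for line in kubeconfig_text.splitlines():
        m = _REF.match(line)
        if m:
            path = m.group(2).strip("'\"")
            # assumption: relative paths resolve against the kubeconfig's directory
            refs.append((m.group(1), os.path.normpath(os.path.join(base_dir, path))))
    return refs


def missing_under(refs, root):
    """Referenced paths that do not exist when `root` acts as the filesystem root."""
    return [p for _, p in refs if not os.path.isfile(os.path.join(root, p.lstrip("/")))]


def mount_dirs(refs):
    """Unique parent directories that must be visible wherever the client runs."""
    return sorted({os.path.dirname(p) for _, p in refs})


if __name__ == "__main__":
    refs = external_refs(SAMPLE)
    print("referenced:", refs, "mount read-only:", mount_dirs(refs))
```

Pointing `missing_under` at a directory that mirrors the container's filesystem shows which referenced files the client would fail to open there.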

v1k0d3n commented Oct 10, 2017

@alanmeadows, you may want to give this a quick thought. it could go down a rabbit hole depending on what the long term plans/architecture are. if this is done via Docker locally on the client-side...it may not be much more than programmatic considerations in Armada (easy route, i would imagine). it does however get a bit more complex if the plan is ever to do this in a kubernetes cluster similar to Tiller (configmap considerations, how to pass securely to the cluster, where the data is being sent/stored, RBAC, etc). what are the long term plans for cert auth and RBAC integration with Armada? are these on the roadmap?