Description
Understand the Task
Description
Currently, the MCPv2 resource only supports access via OIDC. While it is possible to get token/serviceaccount-based access to an MCPv2, this requires human interaction:
1. Create MCPv2
2. Authenticate via OIDC and create ServiceAccount + Roles + RoleBindings
3. Authenticate via token
The problem is that step 2 requires a human and cannot be automated at the moment.
Our customers will likely complain about not being able to fully automate the process of creating an MCPv2 and getting access to it, so we should start thinking about this issue.
Should not be very hard to implement, as the MCPv2 controller anyway delegates the task of generating kubeconfigs to an AccessRequest, which already supports token-based access. We would just need to add the corresponding fields in the MCPv2 spec and generate AccessRequests for them.
Any further valuable resources.
No response
What is required to accept the Task as done.
Done Criteria
- Implemented a possibility to create an MCPv2 resource that comes with token-based access
- Tests
- PR reviewed and merged