Version 0.3.2 Released

April 27, 2022 · 2 min read

This release completes the deployment access token feature.

New: Deployment Access Token

Deployments can now perform API calls to Platz:

Read operations (GET) are allowed for every object in Platz, regardless of its env.
Mutating operations (POST, PUT, DELETE) are allowed for objects in the same env as the deployment.

How Deployment Credentials Work

The way this works is by Platz creating and maintaining a secret named platz-creds in the deployment namespace. The secret contains an access token valid for one hour, and it's refreshed every 30 minutes.

The k8s-agent worker is responsible for refreshing these secrets, so the credentials become invalid if the worker is not running for any reason.

Using Deployment Credentials

To use the platz-creds secret it has to be mapped in each pod that needs to communicate with Platz.

The Platz URL is injected into the chart values when installing under platz.own_url and can be passed as an environment variable to the pod as well.

For example, this pod template can be used in a Helm chart deployed from Platz:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: example
spec:
  containers:
    - name: example
      image: ubuntu:latest
      command:
        - /bin/sleep
        - "100000000"
      env:
        - name: PLATZ_API_TOKEN
          valueFrom:
            secretKeyRef:
              name: platz-creds
              key: access_token
        - name: PLATZ_URL
          value: {{ .Values.platz.own_url }}

New: Deployment Access Token​

How Deployment Credentials Work​

Using Deployment Credentials​

New: Deployment Access Token

How Deployment Credentials Work

Using Deployment Credentials