Manage Clients

The jmpctl admin CLI can be used to manage your client configurations on the distributed service.

Creating a Client

If you have configured a Jumpstarter service and you have a kubeconfig, the jmpctl CLI will attempt to use your current credentials to provision the client automatically, and produce a client configuration file.

You can also use the following options to specify kubeconfig and context to use:

• --kubeconfig - Set the location of your kubeconfig file.

• --namespace - The namespace to search in (default is default)

To create a new client and its associated config, run the following command:

$ jmpctl client create john --namespace jumpstarter-lab > john.yaml
$ cat >> john.yaml <<EOF
drivers:
  allow: []
  unsafe: True
EOF

This creates a client named john and outputs the configuration to a YAML file named john.yaml:

apiVersion: jumpstarter.dev/v1alpha1
kind: ClientConfig
endpoint: grpc.jumpstarter.192.168.1.10.nip.io:8082
token: <<token>>
tls:
  ca: ''
  insecure: True
drivers:
  allow: []
  unsafe: True

In addition we have included a drivers section in the configuration file, which allows you to specify a list of allowed driver packages and enable unsafe mode (allow any driver).

Warning

This section can be important if you don’t trust the exporter’s configuration, since every driver is composed of two parts, a client side and an exporter side, the client side Python module is dynamically loaded when a client connects to an exporter.

A tls section is also included, which allows you to specify a custom CA certificate to use for the connection, or to disable TLS verification if your system is using self-signed certificates.

Manual Provisioning

If you do not have jmpctl installed or don’t have direct access to the cluster, a client can also be provisioned manually on a different machine.

1. Apply the YAML to your cluster:

   # my-client.yaml
   apiVersion: jumpstarter.dev/v1alpha1
   kind: Client
   metadata:
     name: my-client
   

   $ kubectl apply -f my-client.yaml
   

2. Get the created client resource:

   $ kubectl get client my-client -o yaml
   $ kubectl get client my-client -o=jsonpath='{.status.endpoint}'
   $ kubectl get secret $(kubectl get client my-client -o=jsonpath='{.status.credential.name}') -o=jsonpath='{.data.token}' | base64 -d
   

3. Those details can be installed as a secret on CI, or passed down to the final user.

   Then the user can create the client performing:

   $ jmp create my-client
   Enter a valid Jumpstarter service endpoint: devl.jumpstarter.dev
   Enter a Jumpstarter auth token (hidden): ***
   Enter a comma-separated list of allowed driver packages (optional):