First get the project built:
dep ensure
go buildThen you can start the proxy like this (using a specific service account as an example, you'll need to tweak those values):
./owner-ref-proxy --port 8001Then create a new kubeconfig with a base64 encoded JSON object as the user field for BasicAuth in the cluster URL. The JSON object should have the fields apiVersion, kind, name, uid. For example, for the default serviceaccount in your current namespace, the following command would create the proper kubeconfig:
cat <<EOF >config
apiVersion: v1
kind: Config
clusters:
- cluster:
insecure-skip-tls-verify: true
server: http://$(echo '{"name": "default", "kind": "ServiceAccount", "apiVersion": "v1", "uid": "'$(kubectl get sa default -o yaml | grep uid | awk '{print $2}')'"}' | base64 -w0)@127.0.0.1:8001
name: 127-0-0-1:8001
contexts:
- context:
cluster: 127-0-0-1:8001
user: admin/127-0-0-1:8001
name: test/127-0-0-1:8001/admin:test
current-context: test/127-0-0-1:8001/admin:test
preferences: {}
users:
- name: admin/127-0-0-1:8001
EOFYou should then be able to run kubectl commands with the --kubeconfig config argument as normal. Any resources that are created by those commands will have the specified ownerReference injected into them.