Structured Authentication Configuration #11834

Open
Payback159 opened this issue Dec 27, 2024 · 1 comment · May be fixed by #11841
Labels
kind/feature Categorizes issue or PR as related to a new feature.

Comments

@Payback159
Contributor

What would you like to be added

I want to add structured authentication configuration as described here:

Why is this needed

Starting with Kubernetes v1.30, the feature flag for Structured Authentication Configuration is activated by default. We are currently doing a PoC at our company, as we have the need to use several audiences, and would of course like to provide the result upstream as a PR again.

As described in the blog entry, the previous kube-apiserver config flags --oidc-* are still supported but not at the same time as the config file. As also described in the blog entry, it is recommended to rely more on the structured config file in the future and it is also possible to configure the same behaviour with the new variant as with the existing (--oidc-*) flags.

Hence my question:

Should we implement the implementation completely on the structured config file right away, or wait and currently offer 2 configuration paths, namely either via the existing --oidc-* flags or, alternatively, if the user activates it, via the structured config?

@Payback159 Payback159 added the kind/feature Categorizes issue or PR as related to a new feature. label Dec 27, 2024
@chadswen
Member

chadswen commented Dec 28, 2024

For maximum compatibility, I think two config paths is preferred at least until v1.30 is the minimum kube_version supported in kubespray (should happen soon).

When possible, you may want to reuse existing variables across both paths where there is overlap to ease migration to structured authn in the future.
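
Added example, not part of the thread and not kubespray or Kubernetes code: a sketch of how one set of values could feed both paths, translating `--oidc-*` flag values into the equivalent `AuthenticationConfiguration` document with extra audiences. The helper name, the dict keyed by flag name and all sample values are assumptions; `--oidc-ca-file` and `--oidc-signing-algs` are not covered.

```python
import json

def oidc_flags_to_authn_config(flags, extra_audiences=()):
    """Translate legacy --oidc-* values (dict keyed by flag name) into an
    AuthenticationConfiguration document. Hypothetical helper for illustration."""
    issuer_url = flags["oidc-issuer-url"]
    audiences = [flags["oidc-client-id"], *extra_audiences]
    issuer = {"url": issuer_url, "audiences": audiences}
    if len(audiences) > 1:
        # Listing more than one audience requires audienceMatchPolicy: MatchAny.
        issuer["audienceMatchPolicy"] = "MatchAny"

    claim = flags.get("oidc-username-claim", "sub")  # flag default is "sub"
    prefix = flags.get("oidc-username-prefix")
    if prefix is None:
        # Flag path: non-email claims are implicitly prefixed with "<issuer>#".
        prefix = "" if claim == "email" else issuer_url + "#"
    elif prefix == "-":
        prefix = ""  # "-" disables prefixing on the flag path
    # The structured file has no implicit default, so the prefix is always written.
    mappings = {"username": {"claim": claim, "prefix": prefix}}
    if "oidc-groups-claim" in flags:
        mappings["groups"] = {"claim": flags["oidc-groups-claim"],
                              "prefix": flags.get("oidc-groups-prefix", "")}

    jwt = {"issuer": issuer, "claimMappings": mappings}
    rules = [dict(zip(("claim", "requiredValue"), kv.split("=", 1)))
             for kv in flags.get("oidc-required-claim", [])]
    if rules:
        jwt["claimValidationRules"] = rules
    return {"apiVersion": "apiserver.config.k8s.io/v1beta1",  # version served by v1.30
            "kind": "AuthenticationConfiguration", "jwt": [jwt]}

if __name__ == "__main__":
    # Constructed sample values, not taken from the issue.
    legacy = {
        "oidc-issuer-url": "https://idp.example.com",
        "oidc-client-id": "kubernetes",
        "oidc-username-claim": "preferred_username",
        "oidc-groups-claim": "groups",
        "oidc-groups-prefix": "oidc:",
        "oidc-required-claim": ["hd=example.com"],
    }
    # JSON output is also valid YAML for the file passed to the API server.
    print(json.dumps(oidc_flags_to_authn_config(legacy, ["ci-runner"]), indent=2))
```

Writing the username prefix explicitly keeps identities identical across both paths, so existing RBAC bindings that match the prefixed usernames continue to apply after migration.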
