Kubectl login subcommand #32
Comments
|
cc @kubernetes/kubectl |
|
is this an openshift/origin migration feature? |
|
@adohe openshift has a similar feature yes, but we're very interested in adding it because we use OAuth2 based credentials (the OpenID Connect authenticator). To work with kubectl we need some way of configuring the existing client authenticator plugins[0] for refresh tokens, and also triggering an initial auth flow. This was discussed in the sig-auth as TODO for 1.4 (meeting notes here [1]) and I wanted to create an feature issue to track this. [0] kubernetes/kubernetes#23066 |
|
FYI: there is a draft Best Current Practice for native apps and OAuth |
Automatic merge from submit-queue docs/proposal: add proposal for kubectl login This PR updates kubernetes/enhancements#32 and #25758 by adding a proposal for a "kubectl login" command. It's a bit more involved than the implementation discussed with @deads2k in #25758, by proposing a long term goal for the overall subcommand. cc @kubernetes/sig-auth @kubernetes/kubectl
|
I've not been able to get the PRs up in time so I'm bumping the release. |
|
@ericchiang is there any progress on the feature development? |
|
@idvoretskyi no there's not. Dropping the milestone for now until we have time to work on it a bit more. |
|
@ericchiang thank you. |
Automatic merge from submit-queue docs/proposal: add proposal for kubectl login This PR updates kubernetes/enhancements#32 and kubernetes/kubernetes#25758 by adding a proposal for a "kubectl login" command. It's a bit more involved than the implementation discussed with @deads2k in #25758, by proposing a long term goal for the overall subcommand. cc @kubernetes/sig-auth @kubernetes/kubectl
|
Are there any plans to finish this feature in any upcoming releases this year? |
|
@jhorwit2 I don't plan on working on this in the near term. Would be happy to help out for anyone who would like to see this feature and has some cycles to work on it. |
|
Greetings @ericchiang, et al., At Nike, we have functionality similar to this proposal that currently lives in an internal fork of kubectl. We are now in a position to contribute to this feature and upstream some of the work we've done. What would your desired next steps be for us to contribute to this feature and upstream the code we have? |
|
@rji discussing a proposal through sig-auth would be a good place to start. For those following this issue, there's a PR opened recently to implement some of this kubernetes/kubernetes#55514 |
|
cc: @easeway |
|
@ericchiang @kubernetes/sig-auth-feature-requests any progress on this feature is expected? |
k8s-ci-robot
added
the
kind/feature
|
Closing in favor of #541 |
Encrypting Data at Datastore Layer
Adding revocation policy details and explain how BA finalizer works
Description
Add a subcommand to kubectl which can update kubeconfig auth providers configs (kubernetes/kubernetes#23066) and trigger login events. The initial implementation will add support for the OpenID Connect auth provider and a basic auth challenge.
Prior POC and discussion in kubernetes/kubernetes#25758
cc @kubernetes/sig-auth
Progress Tracker
/pkg/apis/...)FEATURE_STATUS is used for feature tracking and to be updated by @kubernetes/feature-reviewers.
FEATURE_STATUS: IN_DEVELOPMENT
More advice:
Design
Coding
and sometimes http://github.com/kubernetes/contrib, or other repos.
check that the code matches the proposed feature and design, and that everything is done, and that there is adequate
testing. They won't do detailed code review: that already happened when your PRs were reviewed.
When that is done, you can check this box and the reviewer will apply the "code-complete" label.
Docs
The text was updated successfully, but these errors were encountered: