-
Notifications
You must be signed in to change notification settings - Fork 451
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[GEP-12] OIDC Webhook Authenticator #2481
[GEP-12] OIDC Webhook Authenticator #2481
Conversation
@mvladev Label area/operations does not exist. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
/invite @holgerkoser @donistz @ThormaehlenFred @ccwienk
@mvladev can you also explain how you envision this to be implemented? Would it be a Gardener extension that, if deployed via ControllerRegistration
, would deploy the necessary components and inject the necessary shoot kube-apiserver configuration via webhook?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nice GEP. I have some minor questions.
b400c7f
to
09b8e3d
Compare
@holgerkoser @ThormaehlenFred @vlerenc @ccwienk @donistz any comments from you or anybody else? |
@rfranzke Besides the open points I would also vote for merging this PR soon. There is no need to keep it open if there are no further comments. |
Sorry for the delay - I've updated the PR and resolved the comments. |
/needs rebase |
This enchancement proposal adds ODIC Webhook Authenticator which can be used to add multiple OIDC providers in a standard Kubernetes API Server.
cc18826
to
5cd1b9d
Compare
@danielfoehrKn can you have another look? |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks, looks good to me.
How to categorize this PR?
/area operations
/area security
/area user-management
/kind enhancement
/priority normal
What this PR does / why we need it:
This enhancement proposal adds ODIC Webhook Authenticator which can be used to add multiple OIDC providers to a standard Kubernetes API Server.
Which issue(s) this PR fixes:
Fixes #
Special notes for your reviewer:
Release note: