-
Notifications
You must be signed in to change notification settings - Fork 450
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Allow enabling/disabling anonymous auth for the kapi server #4072
Allow enabling/disabling anonymous auth for the kapi server #4072
Conversation
/assign @mvladev |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks.
Please extend gardener/example/90-shoot.yaml Lines 130 to 172 in 28234df
|
767b97d
to
8644837
Compare
Done. |
/reviewed ok-to-test |
/rebase |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
looks good, can you please provide a release note?
8644837
to
1d24a16
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
/lgtm
@dimityrmirchev You need rebase this pull request with latest master branch. Please check. |
1d24a16
to
720e4f6
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
/lgtm
How to categorize this PR?
/area control-plane
/area security
/kind enhancement
What this PR does / why we need it:
This PR adds the ability for a cluster admin to explicitly set the
--anonymous-auth
flag via the apiserver configuration. The default value will remainfalse
. This change is needed because most of the OIDC metadata discovery clients do not support authentication as they expect unprotected access to the endpointhttps://{kube-apiserver-hostname}/.well-known/openid-configuration
.Which issue(s) this PR fixes:
Fixes #4063
Special notes for your reviewer:
More information about the flag can be read here.
Release note: