Support Multi-cluster

[stevesloka]

Currently, Gangway is engineered to work on a single cluster. It would be great to allow it to authenticate multiple clusters.

[timmycarr]

+1 to this as I can see the customer need growing.

[captncraig]

I am currently running multiple clusters. I have an instance of dex, and of gangway in each cluster. It seems to work ok, except gangway generates kubeconfig credentials using the email as the name, which is the same across all clusters, so it conflicts.

I can work around it with a custom template, but that is a bit of a hacky solution.

[mauilion]

if we do this we should consider the new flags on the apiserver:

--api-audiences stringSlice
Identifiers of the API. The service account token authenticator will validate that tokens used against the API are bound to at least one of these audiences. If the --service-account-issuer flag is configured and this flag is not, this field defaults to a single element list containing the issuer URL .

and assert that we understand what clusters the token is being minted for

[gmwingard]

Guys we use 1 central dex, and deploy specific gangway for each cluster. This works fine for us, and allows one kubeconfig that you can change contexts with.

[aaroniscode]

I'm working with a customer in the Financial Services space that would like Gangway to support multiple clusters.

[galindro]

After two years, is there any plans to get this in place?