
OIDC auth refresh flow differs from kubectl behavior #493

@nurus

I've been testing OIDC for authentication using the work done in kubernetes-client/python-base#48 and came across an issue refreshing credentials because I do not specify idp-certificate-authority-data in my kubeconfig. This issue has already been brought up: #368 (comment). As kubectl does not require this key, I don't think the python client should either.

Another potential issue is the lack of support for the idp-certificate-authority key, which allows you to load CA certificates from a file. I was attempting to use this to get around the issue mentioned above by loading a trusted root CA bundle. I could convert the entire file to base64 and add it as a value for idp-certificate-authority-data, but this results in an unwieldy kubeconfig file.
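
One way to resolve the IdP CA in the order the issue asks for, as an added example (not code from the Kubernetes Python client or from this issue): the inline key, then the file key, then the system trust store. The function names and the precedence of the inline key over the file key are assumptions.

```python
import base64
import os
import ssl

def resolve_idp_ca(provider_config):
    """Pick the IdP trust anchor from an OIDC auth-provider config dict.

    Returns (source, pem): source is "inline", "file" or "system";
    pem is None when the system trust store should be used.
    """
    # Assumption: inline data wins over the file key when both are set.
    data = provider_config.get("idp-certificate-authority-data")
    if data:
        # Inline value: base64 of a PEM bundle. Drop whitespace from wrapped
        # values, then decode strictly so a corrupted value fails loudly.
        pem = base64.b64decode("".join(data.split()), validate=True).decode("ascii")
        return "inline", pem
    path = provider_config.get("idp-certificate-authority")
    if path:
        # File form: keeps a large CA bundle out of the kubeconfig.
        with open(os.path.expanduser(path), encoding="ascii") as fh:
            return "file", fh.read()
    # Neither key set: trust the OS roots. Never disable verification here.
    return "system", None

def idp_ssl_context(provider_config):
    """Build a verifying TLS context for token-refresh requests to the IdP."""
    source, pem = resolve_idp_ca(provider_config)
    # An empty or non-PEM value must not silently fall back to the OS roots.
    if pem is not None and "-----BEGIN CERTIFICATE-----" not in pem:
        raise ValueError(f"{source} IdP CA does not contain a PEM certificate")
    # With cadata set, only the supplied CAs are trusted; otherwise OS roots.
    ctx = ssl.create_default_context(cadata=pem)
    return source, ctx

if __name__ == "__main__":
    # Constructed config with no CA keys, as in the kubeconfig described above.
    source, ctx = idp_ssl_context({"idp-issuer-url": "https://idp.example.invalid"})
    print(source, ctx.verify_mode == ssl.CERT_REQUIRED, ctx.check_hostname)
```
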

Labels: lifecycle/rotten (Denotes an issue or PR that has aged beyond stale and will be auto-closed.)
