argoproj / argo-cd

Declarative Continuous Deployment for Kubernetes
https://argo-cd.readthedocs.io
Apache License 2.0

Full support for OIDC for multiple cluster authentication #2946

Open thefirstofthe300 opened 4 years ago

thefirstofthe300 commented 4 years ago

Summary

Full support for OIDC for multiple cluster authentication

Motivation

I am attempting to set up authentication to allow a single Argo deployment to deploy to multiple clusters. We already have a bot account configured in our SSO solution and could use the same bot account for our Argo's cross-cluster Kubernetes authentication if we had more than the methods documented here.

https://argoproj.github.io/argo-cd/operator-manual/declarative-setup/#clusters

Proposal

I don't know enough about Argo to give specifics, but just add to the existing bearer token authentication for k8s to allow tokens to be refreshed using a configured OIDC provider.

blakepettersson commented 1 year ago

If you are using EKS (with IRSA) or GKE (with Workload Identity), there are solutions which would work for that; for any other various this would potentially be solved with #13476.