giantswarm / roadmap

Giant Swarm Product Roadmap
https://github.com/orgs/giantswarm/projects/273
Apache License 2.0

Add workload cluster api server oidc settings by default #2530

Open anvddriesch opened 1 year ago

anvddriesch commented 1 year ago

In order to make SSO the default on workload clusters, we need to make workload cluster api server oidc flags set by default. This should likely be done via the default cluster app values https://github.com/giantswarm/cluster-aws. If the value isn't known (e.g. issuer maybe), it should be defaulted by the client.

- [ ] Add workload cluster api server oidc settings by default to CAPA
- [ ] Handle upgrade/migration of default oidc settings for users who already have existing oidc setup
- [ ] Add workload cluster api server oidc settings by default to other providers
- [ ] Consider auth operator adding oidc server flags for providers where they are not the default

anvddriesch commented 1 year ago

Let's wait for https://github.com/kubernetes/enhancements/tree/master/keps/sig-auth/3221-structured-authorization-configuration#alpha-128 as it simplifies the problem by a lot