search

headlamp-k8s / headlamp

A Kubernetes web UI that is fully-featured, user-friendly and extensible
https://headlamp.dev
Apache License 2.0
2.06k stars 149 forks source link

OIDC authentication is not handled gracefully in headlamp #2242

Open O5ten opened 1 month ago

O5ten commented 1 month ago

I'm having trouble connecting to a cluster that has oidc configured as authentication method. Competing products (openlens) is opening a browser window to (re)authenticate to the cluster when needed. headlamp is just asking me for a service account token.

image

This is a sample of my .kube/config

- name: oidc
  user:
    exec:
      apiVersion: client.authentication.k8s.io/v1beta1
      args:
      - oidc-login
      - get-token
      - --oidc-issuer-url=https://login.microsoftonline.com/<tenant>/v2.0
      - --oidc-client-id=<some-client-id>
      - --oidc-client-secret=<some-client-secret>
      command: kubectl
      interactiveMode: IfAvailable
      provideClusterInfo: false
joaquimrocha commented 1 month ago

Thank you @O5ten . We will look into this as we do want to support this use-case.