Open jnummelin opened 6 months ago
I'm not in favor of adding support for third-party stuff that needs to be installed on the client side when generating stuff on the server side.
Are there any plans to support some OIDC out of the box? Even the simplest Keycloak (via managed Helm and managed server-side flags in Cluster spec) would make it easier for new users who would want to use any form of secure auth.
I agree that k0s should probably leave client auth for k0sctl install/management purposes with main "admin" kubeconfig that uses a certificate, but having the option to easily onboard some OIDC auth for regular k8s users would be nice.
> but having the option to easily onboard some OIDC auth for regular k8s users would be nice.
@danielskowronski I'm not sure what you mean by this? Configuring an OIDC provider is pretty straightforward via API server flags.
Is your feature request related to a problem? Please describe.
When I configure OIDC for a cluster I need to manually craft the user kubeconfigs
Describe the solution you would like
It would be nice if the `k0s kubeconfig` command would be able to detect the OIDC config and spit out a working kubeconfig for the user. For example, if I have in cluster config:

k0s should detect that and generate the corresponding client config:
We cannot support all OIDC login tools, of course, but kubelogin seems to be generic enough to work with most providers.
Describe alternatives you've considered
No response
Additional context
No response
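
The mapping the request describes, as an added example (not k0s code and not part of the issue): it reads the OIDC flags as they would appear under `spec.api.extraArgs` and builds the kubeconfig user entry that invokes kubelogin. The function name, user name and sample values are assumptions.

```python
import json
from urllib.parse import urlparse

# Constructed sample: OIDC flags as they would appear under
# spec.api.extraArgs in a k0s cluster config (placeholder values).
SAMPLE_EXTRA_ARGS = {
    "oidc-issuer-url": "https://idp.example.test/realms/demo",
    "oidc-client-id": "kubernetes",
    "oidc-username-claim": "email",
}


def oidc_user_entry(extra_args, user_name="oidc-user"):
    """Return a kubeconfig `users` entry that calls kubelogin, or None
    when the API server has no OIDC issuer/client configured."""
    issuer = extra_args.get("oidc-issuer-url")
    client_id = extra_args.get("oidc-client-id")
    if not issuer or not client_id:
        return None
    # kube-apiserver only accepts an https issuer; refuse to emit a client
    # config that would send the login flow to a plaintext endpoint.
    parsed = urlparse(issuer)
    if parsed.scheme != "https" or not parsed.netloc:
        raise ValueError(f"OIDC issuer must be an https URL: {issuer!r}")
    return {
        "name": user_name,  # hypothetical user name
        "user": {
            "exec": {
                "apiVersion": "client.authentication.k8s.io/v1beta1",
                "command": "kubectl",
                # No client secret or token is written to the file;
                # kubelogin obtains the ID token at login time.
                "args": [
                    "oidc-login",
                    "get-token",
                    f"--oidc-issuer-url={issuer}",
                    f"--oidc-client-id={client_id}",
                ],
            }
        },
    }


if __name__ == "__main__":
    print(json.dumps(oidc_user_entry(SAMPLE_EXTRA_ARGS), indent=2))
```

Unlike the certificate-based admin kubeconfig, the entry produced this way carries no long-lived credential, so it can be handed to regular users.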