Open natereid72 opened 1 year ago
Hi @natereid72 :wave: , Thanks for creating the issue. We will look into this and let you know soon.
Thank you for raising this feature request. Because of the available alternatives (manual edit of kubeconfig, or Loft SSO) this won't be a priority for us right now. But we will leave this issue open to gauge the interest in this feature.
We are open to community contributions, but we may have higher expectations (automated tests, docs, maintenance commitment, etc.) for the features that we deem a lower priority.
Thanks @matskiv, and understood. I think this would be something that could be handled out-of-tree with a simple controller. If I find some cycles, I will take a swipe and post back.
Is your feature request related to a problem?
I'd like to be able to define a ConfigMap that has OIDC issuer and ClientID to be added to the generated admin.conf kubeconfig. This would enable better experience when deploying vclusters that are intended to use OIDC rather than cert based auth.
Which solution do you suggest?
Add a ConfigMap option to helm chart that will be read for OIDC info to be added to kubeconfig.
Which alternative solutions exist?
afaik, manually editing the cert based kubeconfig file.
Additional context
The resulting kubeconfig would look something like this:
With the
oidc-issuer-url
,oidc-client-id
, andoidc-extra-scope
values being read in from a CM defined in the host cluster. All of these values are non-sensitive.