nabadger
commented
3 years ago It's not something I've tried - i guess it's fairly coupled to dex by name (and the helm charts we ship).
Did you managed to get it working?
Open desaintmartin opened 3 years ago
nabadger
commented
3 years ago It's not something I've tried - i guess it's fairly coupled to dex by name (and the helm charts we ship).
Did you managed to get it working?
desaintmartin
commented
3 years ago Actually, it is perfectly working and it is now in production. The only change we made was extending the Gitlab token validity (we use Gitlab as oidc provider) which is 2 minutes by default and caused refresh issues when using several clients (to be honest, we did the same thing for Dex...). So we entirely got rid of Dex to fully rely on Gitlab. I suppose it would work with any OIDC provider, so auth0 or Keycloak should work as well.
We have been using dex-k8s-authenticator for several years, it is a very nice project.
Reading its code recently, I discovered it is in fact a generic oidc-k8s-authenticator, and trying to use it without dex but directly with my oidc provider make it work out of the box. Is it in the scope of the project? If so, maybe we could add some documentation about it.