siderolabs / talos

Talos Linux is a modern Linux distribution built for Kubernetes.
https://www.talos.dev
Mozilla Public License 2.0

Add support for structured authentication configuration #8933

Open bmiddha opened 1 week ago

bmiddha commented 1 week ago

Feature Request

Add support for structured authentication configuration to add authentication providers to the cluster.

Description

I'm looking into using the Structured Authentication Configuration feature in my Talos cluster. The APIServerConfig does not support adding this config file for kube-apiserver.

Feature gate

| Feature | Default | Stage | Since | Until |
|---|---|---|---|---|
| StructuredAuthenticationConfiguration | false | Alpha | 1.29 | 1.29 |
| StructuredAuthenticationConfiguration | true | Beta | 1.30 | - |

https://kubernetes.io/docs/reference/command-line-tools-reference/feature-gates/

It requires a file provided as --authentication-config to kube-apiserver.

> To use structured authentication configuration, you specify the path to the authentication configuration using the --authentication-config command line argument in the API server.

https://kubernetes.io/blog/2024/04/25/structured-authentication-moves-to-beta/
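For reference, a sketch of the kind of file `--authentication-config` points at, added here as an example and not part of the original post or of Talos. The issuer URL, audience, `hd` claim value and `oidc:` prefix are constructed placeholders.

```yaml
# Added example with constructed values; not taken from the issue.
# Passed to kube-apiserver as --authentication-config=<path to this file>.
apiVersion: apiserver.config.k8s.io/v1beta1   # Beta API served by Kubernetes 1.30
kind: AuthenticationConfiguration
jwt:
- issuer:
    # Placeholder issuer; must be an https:// URL.
    url: https://issuer.example.com
    # A token is rejected unless its "aud" claim matches one of these.
    audiences:
    - example-cluster
  claimValidationRules:
  # Reject tokens whose claim does not carry exactly this value
  # (placeholder claim and value).
  - claim: hd
    requiredValue: example.com
  claimMappings:
    username:
      claim: sub
      # Prefixing keeps external identities from colliding with built-in
      # names such as system:admin.
      prefix: 'oidc:'
    groups:
      claim: groups
      prefix: 'oidc:'
  userValidationRules:
  # Second line of defence in case the prefix above is ever removed.
  - expression: "!user.username.startsWith('system:')"
    message: 'username cannot use the reserved system: prefix'
```

The `--authentication-config` flag cannot be combined with the legacy `--oidc-*` flags on the same kube-apiserver, so a cluster moving to this file has to drop those arguments at the same time.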

bmiddha commented 1 week ago

Is this something that I can contribute? I can follow the pattern used for the --admission-control-config-file and --audit-policy-file params.

frezbo commented 1 week ago

> Is this something that I can contribute? I can follow the pattern used for the --admission-control-config-file and --audit-policy-file params.

Yes, this would be good. The only minor concern is the n-5 support Talos has for k8s, so this can only be supported for clusters running 1.30, which can probably be handled in https://github.com/siderolabs/go-kubernetes/