In order to support multiple clusters in the future we need each
username in the kubeconfig to be unique. Therefore rather than using
the user's email from their oidc auth, we should construct it from
usernameClaim and clusterName.
Of course we should also deprecate it nicely, so if emailClaim is set
it will override that default and still use their OIDC email address and
print a warning message in the logs.
paulczar
commented
5 years ago
In order to support multiple clusters in the future we need each username in the kubeconfig to be unique. Therefore rather than using the user's email from their oidc auth, we should construct it from usernameClaim and clusterName.
Of course we should also deprecate it nicely, so if emailClaim is set it will override that default and still use their OIDC email address and print a warning message in the logs.
Signed-off-by: Paul Czarkowski username.taken@gmail.com