[EPIC] - Cluster registry unified authentication #87

Open
auhlig opened this issue Apr 4, 2024 · 0 comments
Labels: backlog, core, feature

auhlig commented Apr 4, 2024

Description

Managing authentication for a fleet of Kubernetes clusters and a broad user base can be quite challenging.
Greenhouse can support this, as it has a holistic view of all clusters and their configuration (kubeconfigs) within an organization, and should be used to generate kubeconfigs for users as shown below.

The task is to provide unified authentication as a core feature/admin plugin by implementing a

Example generated kubeconfig.yaml:

apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: <CA>
    server: <K8S API server>
  name: <cluster name>
contexts:
- context:
    cluster: <cluster name>
    user: oidc@<cluster name>
  name: <cluster name>
current-context: <cluster name>
kind: Config
preferences: {}
users:
- name: oidc@<cluster name>
  user:
    auth-provider:
      config:
        client-id: <client id>
        client-secret: <client secret>
        idp-issuer-url: <idp issuer url>
      name: oidc

The OIDC settings can be consumed from the organization CRD (default).
Optionally, an org-wide alternative clientID and clientSecret should be configurable in case of different IDS applications.

auhlig added the feature label on Apr 4, 2024
IvoGoman added the core label on Apr 7, 2024
IvoGoman added the backlog label on Apr 26, 2024
IvoGoman changed the title from "[FEAT] - Cluster registry unified authentication" to "[EPIC] - Cluster registry unified authentication" on Aug 5, 2024
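A sketch of the kubeconfig generation the issue describes, added here as an example; it is not part of the issue and not Greenhouse code. The `OIDC` and `Cluster` types and both function names are hypothetical, all values are constructed, and the output is JSON (which is also valid YAML) so that field values are escaped by the encoder rather than pasted into a template.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"net/url"
)

// OIDC and Cluster are hypothetical types for this example, not Greenhouse's CRD schema.
type OIDC struct{ ClientID, ClientSecret, IssuerURL string }
type Cluster struct{ Name, Server, CAData string }
type m = map[string]any

// EffectiveOIDC starts from the organization default and applies the optional
// org-wide alternative clientID/clientSecret; the issuer URL is never overridden.
func EffectiveOIDC(def OIDC, override *OIDC) OIDC {
	if override != nil && override.ClientID != "" {
		def.ClientID, def.ClientSecret = override.ClientID, override.ClientSecret
	}
	return def
}

// RenderKubeconfig validates the inputs and returns the kubeconfig as indented JSON.
func RenderKubeconfig(c Cluster, o OIDC) (string, error) {
	// The Kubernetes API server only accepts https OIDC issuer URLs.
	if u, err := url.Parse(o.IssuerURL); err != nil || u.Scheme != "https" || u.Host == "" {
		return "", errors.New("idp-issuer-url must be an https URL")
	}
	if _, err := base64.StdEncoding.DecodeString(c.CAData); err != nil || c.CAData == "" {
		return "", errors.New("certificate-authority-data must be non-empty base64")
	}
	user := "oidc@" + c.Name
	cfg := m{"apiVersion": "v1", "kind": "Config", "preferences": m{}, "current-context": c.Name,
		"clusters": []m{{"name": c.Name, "cluster": m{"server": c.Server, "certificate-authority-data": c.CAData}}},
		"contexts": []m{{"name": c.Name, "context": m{"cluster": c.Name, "user": user}}},
		"users": []m{{"name": user, "user": m{"auth-provider": m{"name": "oidc", "config": m{
			"client-id": o.ClientID, "client-secret": o.ClientSecret, "idp-issuer-url": o.IssuerURL}}}}}}
	out, err := json.MarshalIndent(cfg, "", "  ")
	return string(out), err
}

func main() {
	org := OIDC{"greenhouse", "constructed-secret", "https://idp.example.com"} // constructed values
	c := Cluster{"cluster-a", "https://api.cluster-a.example.com", base64.StdEncoding.EncodeToString([]byte("constructed CA"))}
	out, err := RenderKubeconfig(c, EffectiveOIDC(org, &OIDC{ClientID: "alt-app", ClientSecret: "alt-secret"}))
	fmt.Println(out, err)
}
```

The rendered file carries the client secret in clear text, so whatever writes it to disk should create it readable by the owning user only.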