Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Multi-tenant OIDC authentication #5022

Open
matheuscscp opened this issue Oct 3, 2024 · 0 comments
Open

Multi-tenant OIDC authentication #5022

matheuscscp opened this issue Oct 3, 2024 · 0 comments
Assignees
@matheuscscp
Labels
area/api API related issues and pull requests area/security Security related issues and pull requests enhancement New feature or request

Comments

@matheuscscp
Copy link
Contributor

As a Flux user, I'd like to have multi-tenant OIDC authentication for my cloud provider, so that I can have fine-grained identities with permissions limited to what each tenant needs.

Right now Flux uses the ServiceAccount of the respective controller for OIDC authentication.

For example, I'd like my Bucket objects with spec.provider set to some cloud provider to also have something like a spec.serviceAccountName field pointing to a Kubernetes ServiceAccount in the same namespace that points to an identity in my cloud provider, and Flux would perform the authentication handshake for that identity using a temporary OIDC ServiceAccount token created on the Kubernetes API.
@matheuscscp matheuscscp added enhancement New feature or request area/security Security related issues and pull requests area/api API related issues and pull requests labels Oct 3, 2024
@matheuscscp matheuscscp self-assigned this Oct 3, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@matheuscscp matheuscscp

Labels
area/api API related issues and pull requests area/security Security related issues and pull requests enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@matheuscscp