Remove OIDC warning message #385
Comments
Hi @dansible, this warning message is required by dev, especially from a security perspective, and was introduced in PR #221; you can see more discussion in #221 (comment). Some background:
Thanks.
Yes, I understand the issue and the background for it, however, constantly producing warnings whenever using an OIDC kubeconfig is distracting and can also be confusing. When we look at other platforms like GKE or EKS, they both use executable kubeconfigs but don't produce any such warnings.
I have one feasible solution (only on Mac). What about adding one method at the beginning of if Yes create one tmp file under /tmp folder on local for checking. The warning message will be skipped if the tmp file exists. By default, files that aren't accessed in three days are deleted from /tmp on Mac. https://developer.apple.com/forums/thread/71382 In this way, we can remove the OIDC warning message intermittently and still notify the user regularly as well.
If the user confirms that the kubeconfig is safe, you could create a hash of the kubeconfig and update the garden config. As long as the hash of the kubeconfig stays the same, you do not need to bother the user to check it again:

```yaml
gardenClusters:
- kubeConfig: path/to/kubeconfig/kubeconfig.yaml
  kubeConfigTrusted: 71245e04e13fd02f5be10caba8df445a6035af10e4c13a663ed4fc13255d75df
  name: dev-virtual
```
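An added example, not part of the thread and not gardenctl code, of the hash-pinning check proposed in the comment above: the warning is suppressed only while the file digest matches the pinned value. SHA-256 and the function names `Fingerprint` and `NeedsWarning` are assumptions; the sample kubeconfig is constructed.

```go
package main

import (
	"bytes"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"strings"
)

// Fingerprint returns the hex SHA-256 digest of the raw kubeconfig bytes.
// SHA-256 is an assumption; the thread does not name the hash function.
func Fingerprint(kubeconfig []byte) string {
	sum := sha256.Sum256(kubeconfig)
	return hex.EncodeToString(sum[:])
}

// NeedsWarning reports whether the exec-plugin warning should be shown.
// It is suppressed only when the pinned value (the kubeConfigTrusted field
// suggested in the thread) decodes to the digest of the current file contents.
func NeedsWarning(kubeconfig []byte, trusted string) bool {
	pinned, err := hex.DecodeString(strings.TrimSpace(trusted))
	if err != nil || len(pinned) != sha256.Size {
		return true // missing or malformed pin: fail closed and warn
	}
	sum := sha256.Sum256(kubeconfig)
	return !bytes.Equal(pinned, sum[:])
}

// Constructed sample: a kubeconfig user entry with an exec credential plugin.
const sampleKubeconfig = `users:
- name: oidc
  user:
    exec:
      apiVersion: client.authentication.k8s.io/v1beta1
      command: kubectl
      args: ["oidc-login", "get-token"]
`

func main() {
	original := []byte(sampleKubeconfig)
	pin := Fingerprint(original) // stored once the user confirms the file
	// Any edit to the file, here the exec command, invalidates the pin.
	edited := bytes.Replace(original, []byte("command: kubectl"), []byte("command: other-binary"), 1)

	fmt.Println("unchanged file warns:", NeedsWarning(original, pin))
	fmt.Println("edited file warns:   ", NeedsWarning(edited, pin))
	fmt.Println("no pin warns:        ", NeedsWarning(original, ""))
}
```

The pin covers only the kubeconfig file itself, so a change to the binary that the `exec` entry points at is not detected by this check.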
PR in
@tedteng You have mentioned internal references in the public. Please check.
As discussed in a planning meeting yesterday, planning to add backup config logic first.
As code freeze, this feature has been enabled from the internal version in Ticket 18.
The warning message we receive from gardenctl when using a kubeconfig with an `exec` arg (for OIDC) can be confusing and is not needed. GKE/EKS, and many other K8s platforms rely on similar kubeconfigs using an `exec` argument and do not display such warnings. Can we remove the OIDC warning message when using a kubeconfig with an `exec` arg?