Comments (5)
Hello! This can't be done yet currently, no. I'm not against it at all, but what is the use case for doing this?
from kube-oidc-proxy.
Sorry, I missed your response.
The use case is to use the oidc proxy, which will add the client-ip to the userinfo.extra headers while relaying the request to the api-server. We could then utilize this information in applying validation policies via open-policy-agent.
The oidc-proxy knows about the remoteaddr which initiated the request.
In fact, I would like to suggest that we enhance oidc-proxy to make the extra headers configurable. It would be nice.
Thanks,
from kube-oidc-proxy.
Makes sense to me, I'll have a look at putting that together.
/assign
from kube-oidc-proxy.
Thank you. For now, I just forked the repo and added a few lines of code to make it work for me. It obviously needs to be done in a better and more generic way.
+ extra := make(map[string][]string)
+ extra["scopes"] = []string{req.RemoteAddr}
conf := transport.ImpersonationConfig{
UserName: user.GetName(),
Groups: groups,
- Extra: user.GetExtra(),
+ Extra: extra,
}
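Review bot: Passing the freshly built `extra` map in place of `user.GetExtra()` drops every extra value the authenticated user already carried, so the impersonated request loses them; copy the existing extras into the new map first and then add the client address. The address is stored under the key `scopes`, which does not describe a client address; a dedicated key would keep policy rules unambiguous. Also note that `req.RemoteAddr` in Go's net/http is the `host:port` of the immediate peer, so the value includes the port and, behind a load balancer, is the balancer's address rather than the original client's.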
from kube-oidc-proxy.
Hey @amit-handda, I went ahead and opened up a PR to implement something that should helpfully solve what you are trying to look for. #128
from kube-oidc-proxy.