Comments (15)
ericchiang
commented on June 19, 2024
1
@jhorwit2 I don't plan on working on this in the near term. Would be happy to help out for anyone who would like to see this feature and has some cycles to work on it.
from enhancements.
bgrant0607
commented on June 19, 2024
cc @kubernetes/kubectl
from enhancements.
adohe-zz
commented on June 19, 2024
is this an openshift/origin migration feature?
from enhancements.
ericchiang
commented on June 19, 2024
@adohe openshift has a similar feature yes, but we're very interested in adding it because we use OAuth2 based credentials (the OpenID Connect authenticator). To work with kubectl we need some way of configuring the existing client authenticator plugins[0] for refresh tokens, and also triggering an initial auth flow.
This was discussed in the sig-auth as TODO for 1.4 (meeting notes here [1]) and I wanted to create an feature issue to track this.
[0] kubernetes/kubernetes#23066
[1] https://docs.google.com/document/d/1woLGRoONE3EBVx-wTb4pvp4CI7tmLZ6lS26VTbosLKM/edit#heading=h.cyshlrkb379
from enhancements.
dickhardt
commented on June 19, 2024
FYI: there is a draft Best Current Practice for native apps and OAuth
https://tools.ietf.org/html/draft-ietf-oauth-native-apps-03
from enhancements.
ericchiang
commented on June 19, 2024
I've not been able to get the PRs up in time so I'm bumping the release.
from enhancements.
idvoretskyi
commented on June 19, 2024
@ericchiang is there any progress on the feature development?
from enhancements.
ericchiang
commented on June 19, 2024
@idvoretskyi no there's not. Dropping the milestone for now until we have time to work on it a bit more.
from enhancements.
idvoretskyi
commented on June 19, 2024
@ericchiang thank you.
from enhancements.
jhorwit2
commented on June 19, 2024
Are there any plans to finish this feature in any upcoming releases this year?
from enhancements.
commented on June 19, 2024
Greetings @ericchiang, et al.,
At Nike, we have functionality similar to this proposal that currently lives in an internal fork of kubectl. We are now in a position to contribute to this feature and upstream some of the work we've done.
What would your desired next steps be for us to contribute to this feature and upstream the code we have?
from enhancements.
ericchiang
commented on June 19, 2024
@rji discussing a proposal through sig-auth would be a good place to start.
For those following this issue, there's a PR opened recently to implement some of this kubernetes/kubernetes#55514
from enhancements.
tamalsaha
commented on June 19, 2024
cc: @easeway
from enhancements.
idvoretskyi
commented on June 19, 2024
@ericchiang @kubernetes/sig-auth-feature-requests any progress on this feature is expected?
from enhancements.
ericchiang
commented on June 19, 2024
Closing in favor of #541
from enhancements.
Related Issues (20)
- Deprecate & remove Kubelet RunOnce mode HOT 3
- CRI Native Container Copy HOT 3
- Verifying Image Registry Origin in Private Kubernetes Clusters HOT 1
- CEL Variables in Schemas HOT 1
- Dynamics informers for custom CRDS HOT 1
- CEL for CRD AdditionalPrinterColumns HOT 2
- Update Enhancements Repo documentation re: KEP updates
- Audit 1.30 Release for dropped Enhancements post-Enhancements Freeze
- Authorize with Field and Label Selectors HOT 10
- KEP-4603: Tune CrashLoopBackoff HOT 10
- Hot increase cpu/memory/storage without restarting kubelet HOT 3
- KEP-4622: Add a TopologyManager policy option for MaxAllowableNUMANodes HOT 22
- LoadBalancer Service Status Improvements
- Only allow anonymous auth for configured endpoints. HOT 13
- VolumeSource: OCI Artifact and/or Image HOT 13
- CRI Logging Docs & Spec Inaccurate Example for Partial Logs HOT 5
- Cluster Feature Gate in etcd HOT 1
- StatefulSet Support for Updating Volume Claim Template HOT 4
- Add kubelet instance configuration to configure CRI socket for each node HOT 2
- Guarantee PodDisruptionBudget When Preemption Happens HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from enhancements.