Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Make kube-apiserver oidc flags configurable #84

Merged
merged 4 commits into from May 23, 2024
Merged

Make kube-apiserver oidc flags configurable #84

merged 4 commits into from May 23, 2024

Conversation

DEiselt
Copy link
Contributor

@DEiselt DEiselt commented May 6, 2024
edited

closes: #75

Marked as draft because there are still TODO's left. But i wanted to commit what i have so far to get feedback.

I created an object oidc_config to group all relevant flags for better readability and because of a 'dependency'. The usage of OIDC in itself is optional, but if it is used, the oidc-issuer-url and oidc-client-id are required. This is the reason why i build the variable object and it's corresponding patch like this and i would love some feedback if there is a better way.

Besides the two mentioned flags, all the other flags are optional. The question would be if we want them not to be used if omitted, or if we use sensible defaults.

And another open TODO are the descriptions. The question here is if we want to adopt the upstream docs (relatively much text) or think of something own.

A minimal config would look like this right now, while every option not provided will be set to the default value.

...
topology:
    variables:
      - name: oidc_config
        value:
          issuer_url: "https://dex.k8s.scs.community"
          client_id: "kubectl"
...

I tested the patching of values which is working already. But i could not do an actual "real world" test yet (cc @jschoone).

TODO's:

  • decide on optional flags and sensible defaults
  • fill descriptions
  • real-world test

@DEiselt
added: make oidc flags configurable
bb78f36 
Signed-off-by: Danny Eiselt <eiselt@b1-systems.de>
@DEiselt DEiselt self-assigned this May 6, 2024
@DEiselt DEiselt linked an issue May 6, 2024 that may be closed by this pull request
Make kube-apiserver oidc flags configurable #75
Closed
@jschoone jschoone marked this pull request as ready for review May 17, 2024 04:52
@mxmxchere
Copy link
Contributor

Nicely wrote together. Regarding the description: I prefer to use the upstream text. I do not see lengthiness as a problem. Additionaly it is nice that the user has an additional indicator that this is referring 1:1 to the upstream flags. And third: you do not have to think about your own text :)

@mxmxchere
Copy link
Contributor

Regarding the "grouping" via an object: i like that too 👍

@jschoone
feat(oidc-config): copy config to all versions; add upstream descript…
f788199 
…ions

Signed-off-by: Jan Schoone <6106846+jschoone@users.noreply.github.com>
@DEiselt DEiselt merged commit 7a003d4 into main May 23, 2024
1 check passed
@DEiselt DEiselt deleted the 75-make-kube-apiserver-oidc-flags-configurable branch May 23, 2024 12:42
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mxmxchere mxmxchere mxmxchere left review comments

@jschoone jschoone jschoone approved these changes

@paulphys paulphys Awaiting requested review from paulphys

Assignees

@DEiselt DEiselt

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Make kube-apiserver oidc flags configurable
3 participants
@DEiselt @mxmxchere @jschoone