Add support for optin service account auth for incluster deployments. #3607
Conversation
…or incluster This patch adds optin option for users to make the incluster authenticated by default, this can be used when users want to use OIDC proxies infront of headlamp to avoid 2 step auth, OIDC + service account token Signed-off-by: yolossn <[email protected]>
Add helm chart configuration options to support the new service account token authentication feature added to the backend Signed-off-by: yolossn <[email protected]>
k8s-ci-robot
added
the
cncf-cla: yes
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: yolossn The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
k8s-ci-robot
added
the
size/L
k8s-ci-robot
added
the
do-not-merge/work-in-progress
k8s-ci-robot
added
the
needs-rebase
|
PR needs rebase. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
|
This would be helpful for my workflow. |
|
@yolossn do you plan on fixing the conflicts or would you like help doing so? On the face of it they look relatively simple to fix. |
|
I also would like to have this. This meets my planed workflow perfectly :) |
The backend now supports two flags that can be used to make the incluster deployment authenticated by default, this allows the users to use OIDC proxies in front of headlamp without having to deal with service account token. For more details refer the issue
Fixes: #3606