Kubernetes does have authorization policy.
Furthermore, they have an OIDC authentication module. That means the API Server is able to read requests with id_tokens as described in the OpenID Connect protocol.
My question is: why didn't they implement an OAuth client as part of the API server?
Instead of me trying to think of how to generate id_tokens for my users, the API Server could have been an OAuth client, running with a client_id and client_secret, and could open my browser and ask me to log in. Or it could instead just give a link that I need to open and authenticate in; that way they won't have to install anything on my computer.
What do you think?
Thanks, Omer