aws-load-balancer-controller

OIDC with IngressGroup

Open nyaaao opened this issue 1 year ago • 2 comments

Describe the bug

Our setup uses OIDC authentication with IngressGroup. The auth action does not get attached to the LoadBalancer Rule unless we add OIDC-related annotations to the corresponding ingress. Since OIDC annotations reference a secret that has to be in the same namespace as the Ingress, we have to ensure the secret is present in each namespace where the ingress with the group is present.

Steps to reproduce

Expected outcome

We would like to have OIDC annotations only on 1 of the ingresses (that also has other exclusive annotations) instead of having to duplicate it over on each ingress.

Environment

  • AWS Load Balancer controller version v2.7.2
  • Kubernetes version 1.25
  • Using EKS (yes/no), if so version? 1.25.16

nyaaao, Sep 23 '24 07:09
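A check for the situation described in the issue above, as an added example that is not part of the thread or the controller's code: it groups Ingress objects by `group.name` and reports members of an OIDC-using group that carry no auth annotations (and so, per the issue, get no auth action on their rules) or whose OIDC secret is absent from their own namespace. The sample objects, namespaces, secret name and the `ingress`/`audit` helpers are constructed for illustration; the `auth-idp-oidc` value is abbreviated to the two fields the check reads.

```python
import json
from collections import defaultdict

P = "alb.ingress.kubernetes.io/"  # annotation prefix used by the controller

def ingress(ns, name, group, oidc_secret=None):
    """Build a constructed Ingress-like dict (metadata only) for the demo."""
    ann = {P + "group.name": group}
    if oidc_secret:
        ann[P + "auth-type"] = "oidc"
        ann[P + "auth-idp-oidc"] = json.dumps(
            {"issuer": "https://idp.example.com", "secretName": oidc_secret})
    return {"metadata": {"namespace": ns, "name": name, "annotations": ann}}

# Constructed sample data, not taken from the issue.
INGRESSES = [
    ingress("team-a", "app-a", "shared-alb", oidc_secret="oidc-client"),
    ingress("team-b", "app-b", "shared-alb"),                 # no auth annotations
    ingress("team-c", "app-c", "shared-alb", oidc_secret="oidc-client"),
    ingress("team-d", "public", "public-alb"),                # group without OIDC
]
SECRETS = {("team-a", "oidc-client")}  # (namespace, name) of existing Secrets

def audit(ingresses, secrets):
    """Report members of OIDC-using groups whose rules would lack working auth."""
    groups = defaultdict(list)
    for ing in ingresses:
        meta = ing["metadata"]
        ann = meta.get("annotations") or {}
        if P + "group.name" in ann:
            groups[ann[P + "group.name"]].append((meta["namespace"], meta["name"], ann))
    findings = []
    for group, members in sorted(groups.items()):
        if not any(a.get(P + "auth-type") == "oidc" for _, _, a in members):
            continue  # nobody in this group asks for OIDC
        for ns, name, ann in members:
            if ann.get(P + "auth-type") != "oidc":
                findings.append((group, ns, name, "no-auth-annotations"))
                continue
            try:
                cfg = json.loads(ann.get(P + "auth-idp-oidc", ""))
            except ValueError:  # missing or malformed JSON in the annotation
                cfg = None
            secret = cfg.get("secretName") if isinstance(cfg, dict) else None
            if (ns, secret) not in secrets:
                findings.append((group, ns, name, "oidc-secret-not-in-namespace"))
    return findings
```

Calling `audit(INGRESSES, SECRETS)` on the sample data flags `team-b/app-b` for missing auth annotations and `team-c/app-c` for a secret that exists only in another namespace.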

This is a great suggestion. We can add this to IngressClassParam spec to avoid the conflicts. This will be a good enhancement to the controller and we welcome any community contributions for this.

shraddhabang, Sep 25 '24 21:09

/assign

chetak123, Sep 29 '24 09:09

/assign

saiaunghlyanhtet, Nov 14 '24 08:11

@saiaunghlyanhtet

Any update on this? We would love to have this implemented ASAP so we don't have to keep manually updating the load balancer rules.

tjc-enoch, Nov 27 '24 20:11

@saiaunghlyanhtet Hi, are you still working on this? If not, I'll implement this feature!

kellyyan, Dec 04 '24 22:12

/assign I'll implement this.

kellyyan, Mar 11 '25 22:03

@nyaaao Are you looking for the annotation to take in a namespace for the secret?

kellyyan, Mar 12 '25 22:03