Enable automatic OIDC integration for created kubernetes cluster
Description
When users create a Kubernetes cluster, they often want seamless single sign-on (SSO) using the same OIDC provider used by the platform (CozyStack) itself, similar to how it's done in hyperscalers. Currently, Kubernetes clusters require additional configuration to use the platform Keycloak (or another IDP) provider for authentication.
Proposed solution
Add an (optional) parameter to the 'kind: Kubernetes' spec that allows the user to specify the authentication configuration of the Kubernetes cluster that is going to be created, so that if cozystack has been configured with OIDC enabled, a user can set this parameter to 'platform-oidc' (or something like this); if not, the user can specify any other IDP that is compatible with Kubernetes, or not specify anything.
Totally makes sense, we'll consider the implementation.
To implement this, we need to add extra --oidc-* options to the KamajiControlPlane resource
https://github.com/aenix-io/cozystack/blob/1a88883a3b1dc5c4ac69f100501f982b86d02159/packages/apps/kubernetes/templates/cluster.yaml#L95-L128
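An added example, not part of the thread and not Cozystack code: one way the proposed parameter could be turned into kube-apiserver `--oidc-*` flags before they are passed to the control plane. The `auth` values, the field names (`issuerURL`, `clientID`, `usernamePrefix`, `groupsPrefix`) and the Keycloak URL are assumptions made for illustration; the flag names are the standard kube-apiserver ones.

```python
from urllib.parse import urlparse

# Constructed platform IdP settings (assumed values, not from Cozystack).
PLATFORM_OIDC = {
    "issuerURL": "https://keycloak.example.org/realms/cozy",
    "clientID": "kubernetes",
}


def oidc_apiserver_args(auth, platform=PLATFORM_OIDC):
    """Map a hypothetical `auth` value to kube-apiserver --oidc-* flags.

    auth is None (no OIDC), the string "platform-oidc", or a dict
    describing a custom IdP with issuerURL and clientID.
    """
    if auth is None:
        return []
    if auth == "platform-oidc":
        if platform is None:
            raise ValueError("platform-oidc requested but platform OIDC is off")
        cfg = dict(platform)
    elif isinstance(auth, dict):
        cfg = dict(auth)
    else:
        raise ValueError(f"unsupported auth value: {auth!r}")

    parsed = urlparse(cfg.get("issuerURL", ""))
    # kube-apiserver only accepts issuer URLs that use the https scheme.
    if parsed.scheme != "https" or not parsed.netloc:
        raise ValueError("issuerURL must be an https:// URL")
    if not cfg.get("clientID"):
        raise ValueError("clientID is required")

    # Always prefix identities so a token claim cannot collide with
    # built-in names such as system:masters.
    user_prefix = cfg.get("usernamePrefix", "oidc:")
    group_prefix = cfg.get("groupsPrefix", "oidc:")
    for prefix in (user_prefix, group_prefix):
        if prefix in ("", "-") or prefix.startswith("system:"):
            raise ValueError(f"unsafe identity prefix: {prefix!r}")

    return [
        f"--oidc-issuer-url={cfg['issuerURL']}",
        f"--oidc-client-id={cfg['clientID']}",
        f"--oidc-username-claim={cfg.get('usernameClaim', 'preferred_username')}",
        f"--oidc-username-prefix={user_prefix}",
        f"--oidc-groups-claim={cfg.get('groupsClaim', 'groups')}",
        f"--oidc-groups-prefix={group_prefix}",
    ]
```
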
Hi, @c42-konstantin. I'm Dosu, and I'm helping the cozystack team manage their backlog and am marking this issue as stale.
Issue Summary:
- You proposed adding an optional parameter for automatic OIDC integration during Kubernetes cluster creation to enable seamless SSO.
- The maintainer, kvaps, responded positively and is considering the implementation.
- Implementation would require adding extra --oidc-* options to the KamajiControlPlane resource.
- Relevant code references were shared to guide the potential development.
- The issue remains unresolved with no recent updates.
Next Steps:
- Please let me know if this feature is still relevant to the latest version of the cozystack repository by commenting on this issue.
- If I do not hear back within 7 days, the issue will be automatically closed.
Thank you for your understanding and contribution!
This is still on a row