kube-oidc-proxy icon indicating copy to clipboard operation
kube-oidc-proxy copied to clipboard

Published 20 hours ago verified publisher icon jetstack

Why not an Authenticating Proxy

Open mikebell90 opened this issue 5 years ago • 2 comments

Forgive me this ignorant question as I'm a relative Kubernetes n00b.

Why is this not implemented as an Authenticating Proxy instead of the way it is? Wouldn't that be cleaner and avoid the whole impersonation thing?

Feels cleaner to me, so I'm probably missing a crucial detail?

mikebell90 avatar May 09 '20 20:05 mikebell90

Hello!

The reason for this is when using Kubernetes platforms (GKE, EKS...) where there is no access to the API server CLI flags and so can't be configured. This means that functionality needs to be put outside of the control plane, which makes using impersonation a requirement.

JoshVanL avatar May 11 '20 09:05 JoshVanL

@JoshVanL i see a big warning at the top of the readme for this project. What makes this project not secure enough ?Is there a list of things listed somewhere which are known issues or things we need to worry about from security perspective ?

krmayankk avatar Aug 03 '20 03:08 krmayankk