kube-oidc-proxy
kube-oidc-proxy copied to clipboard
jetstack
Reverse proxy to authenticate to managed Kubernetes API servers via OIDC.
When using `--extra-user-header-client-ip` argument `kube-oidc-proxy` is unable to impersonate resource `userextras/remote-client-ip` with following error: ``` { "kind": "Status", "apiVersion": "v1", "metadata": { }, "status": "Failure", "message": "userextras.authentication.k8s.io \"10.251.176.235:50924\" is forbidden:...
This PR is to update alpine to the latest version `alpine:3.12.1` this will resolve CVE-2020-1967 Signed-off-by: Kieran Robinson
Hello, The current version of openssl package that comes along with this image contains the vulnerability [CVE-2020-1967](https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1967) Please find the description below: **## Description:** Server or client applications that call...
Currently, when we fail a authentication on a request, we simply reply with a 403 with a "Unauthorized" response body. We may want to change this to instead return a...
Hey guys, We forked this project and seeing next error - error: You must be logged in to the server when use kubectl. curl works just fine with bearer token....
This PR metrics adds a number of metrics to the proxy. The PR should be split up fairly well per commit. It would be good to have a bit of...
https://github.com/jetstack/kube-oidc-proxy/blob/d7bef6369c58185f5a66f62a49bffb6457f9a452/pkg/probe/probe.go#L12 This go package has not been contributed to in over 3 years and many customers are integrating tools to verify health checks for services and have standardized on /readyz...
Hello, Thanks for such a useful tool. want to raise an issue about audit feature not working for `get pods `. I dont see anything in the proxy output console....
Forgive me this ignorant question as I'm a relative Kubernetes n00b. Why is this not implemented as an Authenticating Proxy instead of the way it is? Wouldn't that be cleaner...
It might be possible for the proxy to accept the impersonation headers, e.g. to support `kubectl --as`, with the use of a `SubjectAccessReview` which would authorize the user to make...
