Marc Boorshtein
Marc Boorshtein
@umarhussain15 this is how it works with the current Kubernetes Dashboard too
for reference, here's the PR that enabled this in the Kubernetes Dashboard - https://github.com/kubernetes/dashboard/pull/4082/commits
> can you explain this please? AFAIU the client secret will be set by the admin in in-cluster deployment only, why will there be a need to distribute client secret?...
> From my understanding, adding OIDC Impersonation support in Headlamp is not so straight forward as Kubernetes Dashboard. In Kubernetes Dashboard the client is created for every request with the...
> AFAIU A different client can be created in the IDP for headlamp right? As long as the token that is provided by the client with secret has the claims...
> Once the user completes the OIDC flow the code that is returned in the callback is exchanged for a token and is sent to the frontend, the frontend sends...
> I'm setting up Headlamp with OpenUnison to verify if this works as expected. I'll update here once I have tested it. @yolossn feel free to ping me in the...
@yolossn to deploy with entra: 1. Deploy OpenUnison with impersonation enabled - https://openunison.github.io/deployauth/ 2. Use openID Connect with EntraID. If you want to be able to use group names in...