Advanced OIDC parameters

[mhurtrel]

As a Managed Kubernetes user using OIDC https://github.com/ovh/public-cloud-roadmap/issues/17 I want to be able to add optionnal parameters listed here : https://kubernetes.io/docs/reference/access-authn-authz/authentication/#configuring-the-api-server So that I can use more than basic user managements

[flying-kestrel]

Any rough estimates for when this feature would be available via the API? I'm not looking for a watertight guarantee, just wondering if the time is best measured in weeks or months.

[mhurtrel]

@flying-kestrel i dont have yet a commited eta (will make to have one after the end-of-year holidays) but i have strong hope we will have it in the upcoming quarter

[kennylam777]

I hope that we can use --oidc-username-claim=email at least, as it is quite a common requirement in production k8s for organisations.

[OMarohn]

Any news to that issue? Need also the Groups support.

[mhurtrel]

Hello @OMarohn group support is part of the feature yep. I do not have precise eta yet, the feature is being developped.

[jMonsinjon]

Hello We planned to deliver this feature for the end of October.

New ApiServer's parameters (not yet defined on our API) --oidc-username-claim --oidc-username-prefix --oidc-groups-claim --oidc-groups-prefix --oidc-required-claim --oidc-ca-file

[SimonRTC]

Any news on that feature release date?

[mhurtrel]

Hi @SimonRTC We had some unexpected delay but plan to deliver the feature next week (API only at first)

[zeeZ]

The new parameters appeared in the api today and worked like a charm :D

[OlivierJavaux]

Just tested and it works exactly as expected! Many thanks @mhurtrel

[scraly]

Hi, for your information we published a tutorial in order to configure the new parameters through the Control Panel (soon), the API and Terraform: https://docs.ovh.com/gb/en/kubernetes/configure-oidc-provider/

[bmm-alc]

I think this issue can be closed, right ?