dashboard
dashboard copied to clipboard
rancher
Add support for service account tokens
Internal reference: SURE-6467
A new feature, taken from the parent backend ticket: https://github.com/rancher/rancher/issues/22417
Many 3rd party integrations available for Kubernetes (e.g. for Gitlab, Vault, Avi, etc.) involve giving an external process access to the Kubernetes API using a native Kubernetes Service Account token for authentication.
Rancher's Auth Proxy currently has no notion of SA tokens and sending any request to the Rancher endpoint that uses such token will result in an auth error, but work is being done to implement this in the backend, so this is the frontend portion.
Expected behaviour:
Ranchers auth proxy should support authentication of requests that specify a Service Account token in the Authorization Bearer header
Proposed design workflow: Edit mode: https://xd.adobe.com/view/4eb8efa9-0a4c-447f-81d9-6e3e822bb236-1beb/?fullscreen View mode: https://xd.adobe.com/view/4eb8efa9-0a4c-447f-81d9-6e3e822bb236-1beb/screen/e015bf0c-261f-4efc-b75a-9e2023817183?fullscreen
https://github.com/rancher/rancher/issues/22417 is the related backend which is now in Working
https://github.com/rancher/rancher/issues/22417 is now in To Test. Confirming whether UI is now unblocked.
One thing to make this simpler (per @nwmac): on the configuration page, we could have text that says "This feature needs to be configured on the management server" or something similar without worrying out the link structure or looking up the access rights for the current user (and potentially losing a token if clicking on it).
After several discussions, we've revisited the original designs and switched to a table-based solution: Adobe Xd Prototype
UI issue reported(minor) : https://github.com/rancher/dashboard/issues/11444
