octant
octant copied to clipboard
Support OIDC authentication
Octant should be able to be configured to use an OIDC provider.
The User/Group configuration in the provider would include the kubeconfig that should be applied to the user when logging in.
related #362
@wwitzel3 Does this issue include adding support for oidc based authentication as well?
On a side note, is octant intended to be run on a remote machine and accessed by multiple users? Quoting from docs:
Or to run it on a specific host and fixed port:
OCTANT_LISTENER_ADDR=0.0.0.0:8900 octant
Octant intended to be run as a desktop/client application. That is provided as a work-around for if our default port, 7777 is taken on the the machine. The electron version of Octant, finds an available port to use.
There is no multi-user support in Octant. It uses the kubeconfig provided to control access to the cluster.
We are exploring what running Octant in cluster might look like, but at this time there is no official support for it.
Thank you @wwitzel3
FYI: A continuation of the above conversation - https://kubernetes.slack.com/archives/CM37M9FCG/p1594922940342900
In an environment like Kubeflow, users are delegated control of their namespace and a URL for accessing those resources. In that environment, kubectl is available with the permissions of the associated service account. It would be great to be able to view the octant console from the Kubeflow environment. I think all of the pieces are there except the choice of backing authentication, kubeconfig vs mounted service account credentials. This feels like something well worth exploring.
any update?