Add External Identity Providers support in AKS #2861
Comments
|
What is the ETA for this in a public AKS release? I'm assuming this feature is required to implement equivalent functionality that we had with aad pod identity? |
|
Workload Identity is using OIDC Issuer which we have already published. This is adding additional OIDC Federation capabilities. We don't have an ETA yet, as we are still doing planning. |
|
@Azure/aks-pm issue needs labels |
CocoWang-wql
changed the title
|
The OIDC federation feature would be named "External Identity Providers" in AKS cluster. |
|
@Azure/aks-pm issue needs labels |
|
Will this feature be available within 3 or 6 months? |
|
This feature is in plan and checking internally about the ETA. Will update soon. |
|
The tentative date for public preview is Oct. |
ghost
added
the
|
Action required from @Azure/aks-pm |
CocoWang-wql
removed
action-required
Needs Attention 👋
|
Action required from @Azure/aks-pm |
|
Issue needing attention of @Azure/aks-leads |
1 similar comment
|
Issue needing attention of @Azure/aks-leads |
miwithro
removed
action-required
Needs Attention 👋
|
Yes. I'm using that along with dex to do GitHub Oauth to an AKS cluster. I don't have any specific documentation. But the oidc proxy should have setup instructions. I haven't touched it in 6 months so don't really remember exactly how I set it up |
I am fighting very hard not to add cynical jokes about this situation. |
Ah, humor based on my pain... btwn, cant help but notice @sspreitzer are you the guy who owns this ? im guessing yes, I have few questions, Why do would we need a Ingress for the kube-oidc-proxy ? Couldn't understand that part. ingress: |
yes, I host my code at home and mirror it to GitHub. |
|
Why would we need an Ingress for the kube-oidc-proxy ? Couldn't understand that part. ingress:
Would be helpful if there is a way I could reach out to you regarding this. Thanks in advance. |
You can open a new issue at https://git.spreitzer.ch/helm/kube-oidc-proxy/-/issues/new. Be warned, I am currently finishing a thesis paper and will not have time to reply by mid of February. |
|
Understood, Raised one.. Thanks. |
Ingress is needed because kube-oidc-proxy is how you access the cluster. The proxy is the entry point, if you look at the diagrams in the original oidc proxy documentation it shows the flow. https://github.com/jetstack/kube-oidc-proxy I believe I used the forked and maintained version of that. |
|
@artificial-aidan Thanks alot. This really helps. |
|
Action required from @Azure/aks-pm |
microsoft-github-policy-service
bot
added
the
Needs Attention 👋
|
We start the design. And we will share the progress here. |
|
another month passed guys, any updates ? |
|
I just returned from a physical meeting at Microsoft in Zurich, Switzerland with Brian Redmond (@chzbrgr71). He is one of the product managers for AKS. We discussed this issue and Brian assured me that holding Microsoft accountable for implementing this feature is good and Microsoft will take a closer look on this topic, and will definitely follow-up. I just wanted this community to know and document today's event. |
|
hi, any progress/update on this? Seems like upstream kubernetes now support multiple OIDC identity provider configurations. |
|
Hi! Just checking in here to see if there any updates on this issue. |
|
Any updates? |
AKS 1.30 was released in July 2024, and this feature is still in the backlog https://github.com/orgs/Azure/projects/685/views/1 |
|
Is there an ETA or any workaround on this? |
Currently planned for AKS 1.30 Enable OIDC Federation support to enable multi-cloud or alternative identity solutions in AKS.
https://kubernetes.io/docs/reference/access-authn-authz/authentication/#openid-connect-tokens
The text was updated successfully, but these errors were encountered: