Handle shoot-oidc-service extension when provisioning kyma #3316
Comments
Open
3 tasks
PR from @kyma-project/otters for provisioner: #3358
Docs from Gardener: https://github.com/gardener/gardener-extension-shoot-oidc-service/blob/master/docs/usage/openidconnects.md

We have it on our TODO list, but right now, based on the current ranked backlog, it will be considered as part of our deliverables in Q2/24.

We agreed on the following implementation on the KIM side:
Description
Provisioner should always enable the shoot-oidc-service feature flag when provisioning kyma runtime.
When an additional OIDC issuer is requested, provisioner should create this OIDC resource in the provisioned shoot cluster (https://community.sap.com/t5/additional-blogs-by-sap/using-github-actions-openid-connect-in-kubernetes/ba-p/13542513) and configure cluster admin role binding for the subject of the token issued by the additional issuer.
AC
oidcConfig (default value is Kyma-OIDC provider - it will be only set if no configuration is provided by KEB)
additionalOidcConfigs (is a list, if list is empty KIM has to set one default entry to the list)
Reasons
It is required for the kyma-project/kyma#18305
Attachments
kyma-project/kyma#18519 (comment)
https://github.com/kyma-project/control-plane/tree/main/components/provisioner
Sample resource: