Support OIDC parameters
Support configuring auth for AKS cluster (oidc-issuer-url etc).
Related issue: https://github.com/Azure/AKS/issues/10
Sundip Nair commented
The kubernetesConfig.apiServerConfig has the correct idea.
However, the aks-engine fails with the following error:
failed to load apimodel: error parsing the api model: Unknown JSON tag apiServerConfig.
Kirill Volkovich commented
It would be great!
We want to avoid using AAD for AKS authentication.
For our use case, it would be much better to run something like Keycloak per AKS cluster for authentication.
We can identify users by getting the email from an AAD/GitHub/Google account.
The problem with AAD: only directory owners can manage groups and users.
In large organizations, cross-team communication can be a hard and overly long process.
I expect that if I am able to create an AKS cluster and have cluster-admin rights, I should be able to manage access to this cluster without depending on the centralized organization AAD.
Considering that AKS is basically unusable for multiple users, this is a must.