Support OIDC parameters
Support configuring auth for an AKS cluster (oidc-issuer-url, etc.).
Related issue: https://github.com/Azure/AKS/issues/10

3 comments
-
Sundip Nair commented
Refer to https://github.com/Azure/aks-engine/blob/master/docs/topics/clusterdefinitions.md
The kubernetesConfig.apiServerConfig has the correct idea.
However, the aks-engine fails with the following error:
failed to load apimodel: error parsing the api model: Unknown JSON tag apiServerConfig.
-
Kirill Volkovich commented
It would be great!
We want to avoid using AAD for AKS authentication.
For our use case it would be much better to run something like Keycloak per AKS cluster for authentication.
We can identify users by getting the email from an AAD/GitHub/Google account.
The problem with AAD: only directory owners can manage groups and users.
In large organizations, cross-team communication can be hard and too long a process.
I expect that if I have the possibility to create an AKS cluster and have cluster-admin rights, I should be able to manage access to this cluster without depending on the centralized organization AAD.
-
Anonymous commented
Considering that AKS is basically unusable for multiple users, this is a must.