Git Product home page Git Product logo

Comments (6)

simonpasquier avatar simonpasquier commented on July 3, 2024

Thanks for the report and sorry for the late reply! I did a quick test and I agree that we should be setting ClientAuth: tls.RequestClientCert here. The fix itself is very simple but adding a test case is more involved. If someone wants to have a look, they're welcome :)

cc @s-urbaniak for awareness.

from kube-rbac-proxy.

nabokihms avatar nabokihms commented on July 3, 2024

I feel like I can give it a try if you do not mind.

from kube-rbac-proxy.

s-urbaniak avatar s-urbaniak commented on July 3, 2024

@nabokihms generally the addition of RequestClientCert makes sense to me, but out of curiosity to understand why we need that option, do you also want to contribute a client-cert based authenticator in kube-rbac-proxy as well?

from kube-rbac-proxy.

nabokihms avatar nabokihms commented on July 3, 2024

The client-cert based authenticator is already in the code.

Actually, this authenticator is a combination of various authenticators.

Look here. The New method shows exactly how it combines authenticators and which authentication types you can use.

So, two thing you need to do to make client-cert based authenticator works:

  • Add srv.TLSConfig.ClientAuth = tls.RequestClientCert
  • Specify --client-ca-file=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt flag for kube-rbac-proxy instance.

from kube-rbac-proxy.

nabokihms avatar nabokihms commented on July 3, 2024

I forked this proxy and tested it (I think it was a year ago). In our Kubernetes clusters, we use both tokens and certs.

from kube-rbac-proxy.

s-urbaniak avatar s-urbaniak commented on July 3, 2024

Ahh, ok i was always under the impression that the delegating authenticator just does the token review. Yes, this makes perfect sense to me now 👍 Indeed, that would be a great contribution!

from kube-rbac-proxy.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.