siderolabs / talos

Talos Linux is a modern Linux distribution built for Kubernetes.

Home Page: https://www.talos.dev


Add support for structured authentication configuration

bmiddha opened this issue · comments

Feature Request

Add support for structured authentication configuration to add authentication providers to the cluster.

Description

I'm looking into using the Structured Authentication Configuration feature in my Talos cluster. The APIServerConfig does not support adding this config file for kube-apiserver.

Feature gate

| Feature | Default | Stage | Since | Until |
| --- | --- | --- | --- | --- |
| StructuredAuthenticationConfiguration | false | Alpha | 1.29 | 1.29 |
| StructuredAuthenticationConfiguration | true | Beta | 1.30 | - |

https://kubernetes.io/docs/reference/command-line-tools-reference/feature-gates/

It requires a file provided as --authentication-config to kube-apiserver.

To use structured authentication configuration, you specify the path to the authentication configuration using the --authentication-config command line argument in the API server.

https://kubernetes.io/blog/2024/04/25/structured-authentication-moves-to-beta/

Is this something that I can contribute? I can follow the pattern used for the --admission-control-config-file and --audit-policy-file params.

> Is this something that I can contribute? I can follow the pattern used for the --admission-control-config-file and --audit-policy-file params.

Yes, this would be good. The only minor concern is the n-5 support Talos has for k8s, so this can only be supported for clusters running 1.30, probably can handle that in https://github.com/siderolabs/go-kubernetes/
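The version concern raised in the reply, sketched as an added example (not code from Talos or go-kubernetes): a pre-flight check that decides whether `--authentication-config` may be passed to kube-apiserver for a given Kubernetes version. The function names and the file path are hypothetical; the check also rejects legacy `--oidc-*` flags, which kube-apiserver refuses to combine with `--authentication-config`.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

const gate = "StructuredAuthenticationConfiguration=true"

// minorVersion extracts the minor number from a version such as "v1.30.2".
func minorVersion(v string) (int, error) {
	parts := strings.Split(strings.TrimPrefix(v, "v"), ".")
	if len(parts) < 2 || parts[0] != "1" {
		return 0, fmt.Errorf("unsupported Kubernetes version %q", v)
	}
	return strconv.Atoi(parts[1])
}

// authnConfigArgs (hypothetical helper) validates a request to load a
// structured authentication config and returns the kube-apiserver args to
// add. existing holds flags already set, keyed without leading dashes.
func authnConfigArgs(version, path string, existing map[string]string) (map[string]string, error) {
	minor, err := minorVersion(version)
	if err != nil {
		return nil, err
	}
	// kube-apiserver treats --authentication-config together with any
	// legacy --oidc-* flag as a misconfiguration and exits.
	for name := range existing {
		if strings.HasPrefix(name, "oidc-") {
			return nil, fmt.Errorf("--%s conflicts with --authentication-config", name)
		}
	}
	switch {
	case minor < 29: // the flag does not exist before the Alpha release
		return nil, fmt.Errorf("no --authentication-config in Kubernetes 1.%d", minor)
	case minor == 29 && !strings.Contains(existing["feature-gates"], gate):
		// Alpha in 1.29: the gate defaults to false and must be set explicitly.
		return nil, fmt.Errorf("1.29 requires feature gate %s", gate)
	}
	return map[string]string{"authentication-config": path}, nil
}

func main() {
	// Constructed input: the path is a placeholder, not a Talos default.
	args, err := authnConfigArgs("v1.30.0", "/path/to/authentication-config.yaml", nil)
	fmt.Println(args, err)
}
```

Failing closed here surfaces the problem at configuration time instead of as an API server that exits on start.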