Use dex for service account tokens to authorize pods? #2894
Unanswered
dermicus-miclip asked this question in Q&A
Replies: 1 comment
You are right, Dex is primarily used for authorizing users, not other services (simply due to how interaction with upstream providers works). We do have a feature request, however, to support something similar: #2806
My use case is the following:
My pods require access to AWS resources, but the cluster we currently have is not running in AWS.
In order to solve this, I used the built-in OIDC of the cluster to feed service account tokens to the pods.
This works and is a very clean approach (see https://hangarau.space/providing-access-to-aws-resources-from-kubernetes-pods-using-oidc/).
Now, in order to do authentication for other services (kubectl and any other internal services of the cluster), we need dex anyway. Is there any way I could achieve the same thing by using dex, or is this not a use case that can be solved by dex?
My gut feeling tells me that dex is not meant to be used like this, but it would be helpful to have someone rule this one out for me. I can find some references that dex does not support machine-to-machine communication, which this clearly is.
If you have other ideas on how you would solve this problem, you can also let me know :).
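For the setup described in the question (cluster-issued service account tokens presented to AWS), this added example, which is not code from the thread or from Dex, shows the claim checks that scope such a token to one relying party. The issuer URL, namespace, service account name and the `sts.amazonaws.com` audience are assumptions, the tokens are constructed, and signature verification against the issuer's published keys is deliberately left out.

```python
import base64
import json
import time


def decode_claims(token: str) -> dict:
    """Decode a JWT payload for inspection only; the signature is NOT verified here."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    padded = parts[1] + "=" * (-len(parts[1]) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))


def check_claims(claims: dict, issuer: str, audience: str, subject: str, now=None) -> list:
    """Return the list of mismatches against the expected trust policy (empty = OK)."""
    now = time.time() if now is None else now
    aud = claims.get("aud", [])
    aud = [aud] if isinstance(aud, str) else aud
    problems = []
    if claims.get("iss") != issuer:
        problems.append("issuer mismatch")
    if audience not in aud:
        problems.append("audience mismatch")
    if claims.get("sub") != subject:
        problems.append("subject mismatch")
    if claims.get("exp", 0) <= now:
        problems.append("expired")
    return problems


def make_sample(claims: dict) -> str:
    """Build a constructed token (placeholder signature) so the example runs offline."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "RS256", "typ": "JWT"}), enc(claims), "constructed-signature"])


# Constructed values: issuer URL, namespace and service account name are placeholders.
ISSUER = "https://oidc.example.invalid"
SUBJECT = "system:serviceaccount:demo:aws-reader"
GOOD = make_sample({"iss": ISSUER, "aud": ["sts.amazonaws.com"], "sub": SUBJECT, "exp": 2000000000})
# Same identity, but minted for the cluster API audience: must not be accepted for AWS.
WRONG_AUD = make_sample({"iss": ISSUER, "aud": ["https://kubernetes.default.svc"],
                         "sub": SUBJECT, "exp": 2000000000})

if __name__ == "__main__":
    for name, tok in (("good", GOOD), ("wrong audience", WRONG_AUD)):
        print(name, check_claims(decode_claims(tok), ISSUER, "sts.amazonaws.com", SUBJECT))
```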