Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Enable cloud provided authentication methods in sidecar #222

Open
AndrewCopeland opened this issue Mar 2, 2021 · 0 comments
Open

Enable cloud provided authentication methods in sidecar #222

AndrewCopeland opened this issue Mar 2, 2021 · 0 comments

Comments

@AndrewCopeland
Copy link

Is your feature request related to a problem? Please describe.

In AWS or GCP, one can assign a mapping between cloud specific identities and k8s service accounts. Since Conjur already has AWS IAM, GCP and Azure authentication methods it would be desirable to use said identities for authentication rather than using the kubernetes authentication method.

Describe the solution you would like

Allow side car container to support alternative authentication methods like GCP, AWS IAM or Azure.

Describe alternatives you have considered

None

Additional context

  • Operational overhead is reduced since the k8s authenticator can be cumbersome because an authenticator must be configured per k8s cluster.
  • Time spent troubleshooting will be reduced since non k8s authentication methods are less complex since we are leveraging already existing cloud identities.
  • Sidecar deployment is simplified in managed k8s clusters because we are leveraging already existing cloud identities.

I have added GCP authentication in the forked repository below by implementing a factory design pattern (which could easily be implement AWS IAM and Azure authentication methods):
AndrewCopeland#1

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Development

Successfully merging a pull request may close this issue.

2 participants