Describe the bug
When using several k8s-clusters with configured dex on each of them, could not set unique tokens for each cluster-user
Loginapp & Dex version
loginapp: v3.2.3
dex: v2.25.0
Configuration
scopes:
- openid
- profile
- email
- offline_access
- groups
- audience:server:client_id:"oidc-client"
web:
mainUsernameClaim: email
To Reproduce
Login with dex and apply loginapp generated k8s-config for the first k8s-cluster
we`ll get:
- cluster
- context
- user
One same host, login to second cluster, using dex+loginapp and get its kubeconfig
Applying it will:
- cluster (add)
- context (add)
- user (REWRITE previous)
Now we are not allowed to do anything in first cluster, because user-token is rewrited by second config
Expected behavior
username should optionally contain cluster-name in loginapp html. Like
users:
- name: SomeUser@ClusterName
Additional context
It is very important for people, who use a lot of k8s-contexts on one host. As an example - look the way gangway used to handle with it:
kubeCfgUser := strings.Join([]string{username, cfg.ClusterName}, "@")
...
kubectl config set-credentials "{{ .KubeCfgUser }}"
Describe the bug
When using several k8s-clusters with configured dex on each of them, could not set unique tokens for each cluster-user
Loginapp & Dex version
loginapp:
v3.2.3dex:
v2.25.0Configuration
scopes:
web:
mainUsernameClaim: email
To Reproduce
Login with dex and apply loginapp generated k8s-config for the first k8s-cluster
we`ll get:
One same host, login to second cluster, using dex+loginapp and get its kubeconfig
Applying it will:
Now we are not allowed to do anything in first cluster, because user-token is rewrited by second config
Expected behavior
username should optionally contain cluster-name in loginapp html. Like
users:
Additional context
It is very important for people, who use a lot of k8s-contexts on one host. As an example - look the way gangway used to handle with it:
kubeCfgUser := strings.Join([]string{username, cfg.ClusterName}, "@")
...
kubectl config set-credentials "{{ .KubeCfgUser }}"