Building a Simple OIDC Authentication Service for Kubernetes in Go

When authenticating users in Kubernetes, especially in a multi-tenancy environment, you want a simple entry point for your users to get their credentials. Maintaining static password or token files might be possible in Kubernetes, but it is probably not something you want to keep up in the long run. Instead, Kubernetes offers the ability to integrate with an OpenID Connect (OIDC) service. You can configure your kube-apiserver to trust a specific root CA used by the OIDC provider.
