External auth proxy

Hey All,

I’d like to terminate authentication at an external auth proxy that is being used by multiple other services - This involves the proxy passing a remote user header. Looking at the documentation I can’t seem to find if this is supported with the built in rancher authentication proxy trying to do all the work.

I’d like to remove this responsibility from Rancher, as i don’t want to configure an app in the IDP for each rancher deployment. Has anyone else attempted this, is it possible or will i only find tales of woe?



There is no disabling or externalizing auth.

I don’t know how you would really make that work; you don’t always want $externalThing deciding if a request should be passed through, API keys and or token in a kubeconfig still need to work.

Also we need to know what groups you’re a member of, what users and groups exist to allow managing picking those for RBAC, etc.