Using Azure AD as JWT issuer for K8s JWT authentication

Hey Team, for the K8s integration with JWT authentication, can we use a different issuer other than Kubernetes, for example Azure AD?

Same thing with GitHub: can ‘Azure AD’ be used as the issuer instead of GitHub?

Thanks,
Senthil

Hi @senko -

I can’t speak for the GitHub integration, but our K8s integration uses our general-purpose JWT Authenticator under the hood, so you should be able to authenticate using tokens issued by another broker. Our Kubernetes integration documentation covers using AuthnJWT with K8s-issued ServiceAccount tokens as this is a common use-case, but it isn’t required.

The only requirement for our K8s integrations is that the third-party issued JWTs need to be accessible as files in the container. Usually this is done by ServiceAccount token volume projection, but you’ll have to manage this manually. Use the JWT_TOKEN_PATH environment variable (K8s Authenticator client, Secrets Provider) or the conjur.org/jwt-token-path annotation (Secrets Provider) to point the integration to the JWT-containing volume.

Take a closer look at the documentation for our general-purpose JWT Authenticator for setup instructions that don’t apply directly to the K8s issue use-case.
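
A pre-flight check for the token file described in the reply above, added here as an example and not taken from the reply or from the product's own code: it reads the JWT at JWT_TOKEN_PATH and reports whether the file is readable, well-formed, carries the expected issuer and is unexpired. `inspect_token_file` and `EXPECTED_ISSUER` are hypothetical names, the issuer string must be copied from a real token of your tenant, and the signature is not verified here (that remains the authenticator's job).

```python
import base64
import json
import os
import time


def _b64url_json(segment):
    """Decode one base64url JWT segment (padding restored) into a Python object."""
    padded = segment + "=" * (-len(segment) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))


def inspect_token_file(path, expected_issuer, now=None):
    """Return a list of problems with the JWT stored at `path` (empty list = usable).

    Diagnostic only: claims are read without verifying the signature.
    """
    now = time.time() if now is None else now
    try:
        with open(path, encoding="ascii") as fh:
            token = fh.read().strip()
    except (OSError, UnicodeDecodeError) as exc:
        return [f"cannot read token file: {exc}"]
    parts = token.split(".")
    if len(parts) != 3:
        return ["not a compact JWS: expected 3 dot-separated segments"]
    try:
        header, claims = _b64url_json(parts[0]), _b64url_json(parts[1])
    except ValueError as exc:
        return [f"undecodable header or payload: {exc}"]
    if not (isinstance(header, dict) and isinstance(claims, dict)):
        return ["header and payload must both be JSON objects"]
    problems = []
    if str(header.get("alg", "none")).lower() == "none":
        problems.append("unsigned token (alg=none)")
    if claims.get("iss") != expected_issuer:
        problems.append(f"issuer mismatch: {claims.get('iss')!r}")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        problems.append("token expired or has no exp claim")
    return problems


if __name__ == "__main__":
    # JWT_TOKEN_PATH is the variable named in the reply; EXPECTED_ISSUER is hypothetical.
    path = os.environ.get("JWT_TOKEN_PATH", "")
    issuer = os.environ.get("EXPECTED_ISSUER", "")
    print(inspect_token_file(path, issuer) or "token file looks usable")
```

Running it in the same container as the integration, with the same JWT_TOKEN_PATH value, shows whether a rejected login comes from the mounted file rather than from the authenticator's configuration.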