Kubernetes 1.30 introduces Structured Authentication Configuration, a beta feature providing a flexible and extensible way to configure authentication. It allows multiple JWT authenticators, dynamic configuration, and support for any JWT-compliant token.
The configuration is specified in a YAML file passed to the API server with the --authentication-config command-line argument. It enables multiple audiences, supports identity providers without OpenID Connect discovery, and includes CEL support for complex token validation rules.
Migration from command-line arguments to the configuration file is recommended. The configuration file provides more flexibility and allows changes without restarting the API server.
In Kubernetes 1.30, the Structured Authentication Configuration feature is in beta and enabled by default, while the existing command-line arguments continue to work.
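A sketch of such a configuration file, added here as an illustration and not taken from the original post: it defines two JWT authenticators, one with multiple audiences, a separate discovery URL and CEL rules. The issuer URLs, audiences and claim names are constructed placeholders.

```yaml
# Added example: file passed to kube-apiserver via --authentication-config.
# All hostnames, audiences and claim names below are constructed placeholders.
apiVersion: apiserver.config.k8s.io/v1beta1   # beta API version in Kubernetes 1.30
kind: AuthenticationConfiguration
jwt:
# Authenticator 1: human users from a corporate identity provider.
- issuer:
    url: https://idp.example.com              # must match the token's iss claim
    # Metadata is fetched from a different endpoint than the issuer URL.
    discoveryURL: https://idp-internal.example.com/.well-known/openid-configuration
    audiences:                                # token must carry at least one of these
    - kube-apiserver
    - kube-cli
    audienceMatchPolicy: MatchAny             # required when several audiences are listed
  claimValidationRules:
  # CEL over the raw token claims: reject long-lived tokens.
  - expression: 'claims.exp - claims.nbf <= 3600'
    message: token lifetime must not exceed one hour
  claimMappings:
    username:
      expression: 'claims.sub'
    groups:
      # Assumes the provider issues a "groups" claim holding a list of strings.
      expression: 'claims.groups'
  userValidationRules:
  # CEL over the mapped user: a token must never yield a reserved identity.
  - expression: '!user.username.startsWith("system:")'
    message: 'username must not use the reserved system: prefix'
  - expression: 'user.groups.all(g, !g.startsWith("system:"))'
    message: 'groups must not use the reserved system: prefix'
# Authenticator 2: a second issuer (for example a CI system), kept apart by prefix.
- issuer:
    url: https://ci.example.org               # issuer URLs must be unique across entries
    audiences:
    - kube-apiserver
  claimMappings:
    username:
      claim: sub
      prefix: "ci:"                           # avoids collisions with other issuers' users
```

Authentication only establishes identity; what either set of users may do is still decided by RBAC or whichever authorizer the cluster uses.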
Future plans include exploring distributed claims and egress selector support.
Feedback is welcome on the #sig-auth-authenticators-dev Kubernetes Slack channel.
Individuals interested in contributing can reach out on the #sig-auth Kubernetes Slack channel.
Bi-weekly SIG Auth meetings are held every other Wednesday.
This feature addresses the need for a more flexible and extensible authentication system in Kubernetes. It provides more control and flexibility in configuring authentication, enabling a wider range of use cases.
kubernetes.io
