Resolve "Verify JWT audience in internal Kubernetes Agent API endpoint"
What does this MR do and why?
This MR allows to verify the audience when decoding a JWT and uses that feature for the KAS JWT auth.
This has been introduced in KAS a while back with More comprehensive JWT (gitlab-org/cluster-integration/gitlab-agent!114 - merged)
The ruby jwt gem supports this and it works similar to the issuer verification.
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
-
I have evaluated the MR acceptance checklist for this MR.
Related to #267958 (closed)
Edited by Timo Furrer