From a97b66448527d18ded9acfba42856455beaa886f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lauri=20V=C3=B5sandi?= Date: Thu, 3 Aug 2023 17:05:11 +0300 Subject: [PATCH] Update Kube API OIDC configuration --- README.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 5c6cb8d..0ae9d98 100644 --- a/README.md +++ b/README.md @@ -36,9 +36,9 @@ patch /etc/kubernetes/manifests/kube-apiserver.yaml - << EOF - --etcd-certfile=/etc/kubernetes/pki/apiserver-etcd-client.crt - --etcd-keyfile=/etc/kubernetes/pki/apiserver-etcd-client.key - --etcd-servers=https://127.0.0.1:2379 -+ - --oidc-issuer-url=https://auth.k-space.ee ++ - --oidc-issuer-url=https://auth2.k-space.ee/ + - --oidc-client-id=kubelogin -+ - --oidc-username-claim=preferred_username ++ - --oidc-username-claim=sub + - --oidc-groups-claim=groups - --kubelet-client-certificate=/etc/kubernetes/pki/apiserver-kubelet-client.crt - --kubelet-client-key=/etc/kubernetes/pki/apiserver-kubelet-client.key @@ -77,8 +77,8 @@ users: args: - oidc-login - get-token - - --oidc-issuer-url=https://auth.k-space.ee - - --oidc-client-id=kubelogin + - --oidc-issuer-url=https://auth2.k-space.ee/ + - --oidc-client-id=oidc-gateway-kubelogin - --oidc-use-pkce - --oidc-extra-scope=profile,email,groups - --listen-address=127.0.0.1:27890