update kubernetes.md document
parent cf4f88a06e
commit 11d91c144f
@ -152,20 +152,32 @@ $ ./bin/example-app --issuer https://dex.example.com:32000 --issuer-root-ca exam
|
|||||||
|
|
||||||
Please note that the `example-app` will listen at http://127.0.0.1:5555 and can be changed with the `--listen` flag.
|
Please note that the `example-app` will listen at http://127.0.0.1:5555 and can be changed with the `--listen` flag.
|
||||||
|
|
||||||
Once the example app is running, choose the GitHub option and grant access to dex to view your profile.
|
Once the example app is running, open a browser and go to http://127.0.0.1:5555
|
||||||
|
|
||||||
|
A page appears with fields such as scope and client-id. For the most basic case these are not required, so leave the form blank. Click login.
|
||||||
|
|
||||||
|
On the next page, choose the GitHub option and grant access to dex to view your profile.
|
||||||
|
|
||||||
The default redirect uri is http://127.0.0.1:5555/callback and can be changed with the `--redirect-uri` flag and should correspond with your configmap.
|
The default redirect uri is http://127.0.0.1:5555/callback and can be changed with the `--redirect-uri` flag and should correspond with your configmap.
|
||||||
|
|
||||||
Please note the redirect uri is different from the one you filled when creating `GitHub OAuth2 client credentials`.
|
Please note the redirect uri is different from the one you filled when creating `GitHub OAuth2 client credentials`.
|
||||||
When you login, GitHub first redirects to dex (https://dex.example.com:32000/callback), then dex redirects to the redirect uri of exampl-app.
|
When you login, GitHub first redirects to dex (https://dex.example.com:32000/callback), then dex redirects to the redirect uri of example-app.
|
||||||
|
|
||||||
The printed ID Token can then be used as a bearer token to authenticate against the API server.
|
The printed "ID Token" can then be used as a bearer token to authenticate against the API server.
|
||||||
|
|
||||||
```
|
```
|
||||||
$ token='(id token)'
|
$ token='(id token)'
|
||||||
$ curl -H "Authorization: Bearer $token" -k https://( API server host ):443/api/v1/nodes
|
$ curl -H "Authorization: Bearer $token" -k https://( API server host ):443/api/v1/nodes
|
||||||
```
|
```
|
||||||
|
|
||||||
|
In the kubeconfig file ~/.kube/config, the format is:
|
||||||
|
```
|
||||||
|
users:
|
||||||
|
- name: (USERNAME)
|
||||||
|
user:
|
||||||
|
token: (ID-TOKEN)
|
||||||
|
```
|
||||||
|
|
||||||
[k8s-authz]: http://kubernetes.io/docs/admin/authorization/
|
[k8s-authz]: http://kubernetes.io/docs/admin/authorization/
|
||||||
[k8s-oidc]: http://kubernetes.io/docs/admin/authentication/#openid-connect-tokens
|
[k8s-oidc]: http://kubernetes.io/docs/admin/authentication/#openid-connect-tokens
|
||||||
[trusted-peers]: https://godoc.org/github.com/dexidp/dex/storage#Client
|
[trusted-peers]: https://godoc.org/github.com/dexidp/dex/storage#Client
|
||||||
|
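Review bot: The added kubeconfig section ("In the kubeconfig file ~/.kube/config, the format is:") does not say that `(ID-TOKEN)` is the same "ID Token" that example-app prints, or that it is a bearer credential stored in plain text in that file. Add one sentence linking the two and advising that ~/.kube/config be readable only by its owner. In the unchanged curl context line just above it, `-k` turns off certificate verification for the API server while the bearer token is being sent; since the page already passes `--issuer-root-ca` for dex, consider showing curl's `--cacert` with the API server's CA file in place of `-k`.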