
Update Kube API OIDC configuration

Lauri Võsandi 2023-08-03 17:05:11 +03:00
parent 603b237091
commit a97b664485


@ -36,9 +36,9 @@ patch /etc/kubernetes/manifests/kube-apiserver.yaml - << EOF
- --etcd-certfile=/etc/kubernetes/pki/apiserver-etcd-client.crt - --etcd-certfile=/etc/kubernetes/pki/apiserver-etcd-client.crt
- --etcd-keyfile=/etc/kubernetes/pki/apiserver-etcd-client.key - --etcd-keyfile=/etc/kubernetes/pki/apiserver-etcd-client.key
- --etcd-servers=https://127.0.0.1:2379 - --etcd-servers=https://127.0.0.1:2379
+ - --oidc-issuer-url=https://auth.k-space.ee + - --oidc-issuer-url=https://auth2.k-space.ee/
+ - --oidc-client-id=kubelogin + - --oidc-client-id=kubelogin
+ - --oidc-username-claim=preferred_username + - --oidc-username-claim=sub
+ - --oidc-groups-claim=groups + - --oidc-groups-claim=groups
- --kubelet-client-certificate=/etc/kubernetes/pki/apiserver-kubelet-client.crt - --kubelet-client-certificate=/etc/kubernetes/pki/apiserver-kubelet-client.crt
- --kubelet-client-key=/etc/kubernetes/pki/apiserver-kubelet-client.key - --kubelet-client-key=/etc/kubernetes/pki/apiserver-kubelet-client.key
@ -77,8 +77,8 @@ users:
args: args:
- oidc-login - oidc-login
- get-token - get-token
- --oidc-issuer-url=https://auth.k-space.ee - --oidc-issuer-url=https://auth2.k-space.ee/
- --oidc-client-id=kubelogin - --oidc-client-id=oidc-gateway-kubelogin
- --oidc-use-pkce - --oidc-use-pkce
- --oidc-extra-scope=profile,email,groups - --oidc-extra-scope=profile,email,groups
- --listen-address=127.0.0.1:27890 - --listen-address=127.0.0.1:27890
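Review bot: The two new-side client IDs do not agree: the kube-apiserver flags in the first hunk keep `--oidc-client-id=kubelogin`, while the kubeconfig exec args in the second hunk now request tokens with `--oidc-client-id=oidc-gateway-kubelogin`. The API server checks the ID token's `aud` claim against its own `--oidc-client-id`, so unless the new issuer also lists `kubelogin` as an audience, tokens obtained with this kubeconfig will be rejected; the server-side line should presumably read `- --oidc-client-id=oidc-gateway-kubelogin`. Separately, switching `--oidc-username-claim` to `sub` changes the user names the API server derives from tokens, so existing RBAC bindings written against the old `preferred_username` values should be reviewed to confirm none silently stops matching or matches a different subject. Both hunks sit inside larger blocks (the apiserver patch heredoc and the kubeconfig `users:` entry) that continue outside the visible lines.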