Update Kube API OIDC configuration
parent
603b237091
commit
a97b664485
@ -36,9 +36,9 @@ patch /etc/kubernetes/manifests/kube-apiserver.yaml - << EOF
|
|||||||
- --etcd-certfile=/etc/kubernetes/pki/apiserver-etcd-client.crt
|
- --etcd-certfile=/etc/kubernetes/pki/apiserver-etcd-client.crt
|
||||||
- --etcd-keyfile=/etc/kubernetes/pki/apiserver-etcd-client.key
|
- --etcd-keyfile=/etc/kubernetes/pki/apiserver-etcd-client.key
|
||||||
- --etcd-servers=https://127.0.0.1:2379
|
- --etcd-servers=https://127.0.0.1:2379
|
||||||
+ - --oidc-issuer-url=https://auth.k-space.ee
|
+ - --oidc-issuer-url=https://auth2.k-space.ee/
|
||||||
+ - --oidc-client-id=kubelogin
|
+ - --oidc-client-id=kubelogin
|
||||||
+ - --oidc-username-claim=preferred_username
|
+ - --oidc-username-claim=sub
|
||||||
+ - --oidc-groups-claim=groups
|
+ - --oidc-groups-claim=groups
|
||||||
- --kubelet-client-certificate=/etc/kubernetes/pki/apiserver-kubelet-client.crt
|
- --kubelet-client-certificate=/etc/kubernetes/pki/apiserver-kubelet-client.crt
|
||||||
- --kubelet-client-key=/etc/kubernetes/pki/apiserver-kubelet-client.key
|
- --kubelet-client-key=/etc/kubernetes/pki/apiserver-kubelet-client.key
|
||||||
@ -77,8 +77,8 @@ users:
|
|||||||
args:
|
args:
|
||||||
- oidc-login
|
- oidc-login
|
||||||
- get-token
|
- get-token
|
||||||
- --oidc-issuer-url=https://auth.k-space.ee
|
- --oidc-issuer-url=https://auth2.k-space.ee/
|
||||||
- --oidc-client-id=kubelogin
|
- --oidc-client-id=oidc-gateway-kubelogin
|
||||||
- --oidc-use-pkce
|
- --oidc-use-pkce
|
||||||
- --oidc-extra-scope=profile,email,groups
|
- --oidc-extra-scope=profile,email,groups
|
||||||
- --listen-address=127.0.0.1:27890
|
- --listen-address=127.0.0.1:27890
|
||||||
|
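Review bot: The API server flags in the first hunk keep `--oidc-client-id=kubelogin`, while the kubeconfig in the second hunk now requests tokens as `oidc-gateway-kubelogin`. The API server checks the ID token's `aud` claim against its own `--oidc-client-id`, so unless the new issuer also puts `kubelogin` in the audience these logins will presumably be rejected; the first hunk likely needs `--oidc-client-id=oidc-gateway-kubelogin` too. Switching to `--oidc-username-claim=sub` under a new issuer also changes every OIDC username, because for claims other than `email` the API server prefixes the issuer URL and `#` by default, so RBAC bindings to the old names stop matching and should be re-created; a comment beside the flags saying so would help. The issuer URL now ends in a slash and has to equal the token's `iss` claim exactly, which is worth confirming against the provider's discovery document.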