1
0
forked from k-space/kube

Update README: Cluster access OIDC Client ID

This commit is contained in:
rasmus 2024-02-01 19:38:47 +02:00
parent 776535d6d5
commit ab7e4d10e4

View File

@ -24,7 +24,7 @@ patch /etc/kubernetes/manifests/kube-apiserver.yaml - << EOF
- --etcd-keyfile=/etc/kubernetes/pki/apiserver-etcd-client.key - --etcd-keyfile=/etc/kubernetes/pki/apiserver-etcd-client.key
- --etcd-servers=https://127.0.0.1:2379 - --etcd-servers=https://127.0.0.1:2379
+ - --oidc-issuer-url=https://auth2.k-space.ee/ + - --oidc-issuer-url=https://auth2.k-space.ee/
+ - --oidc-client-id=kubelogin + - --oidc-client-id=oidc-gateway.kubelogin
+ - --oidc-username-claim=sub + - --oidc-username-claim=sub
+ - --oidc-groups-claim=groups + - --oidc-groups-claim=groups
- --kubelet-client-certificate=/etc/kubernetes/pki/apiserver-kubelet-client.crt - --kubelet-client-certificate=/etc/kubernetes/pki/apiserver-kubelet-client.crt
@ -65,7 +65,7 @@ users:
- oidc-login - oidc-login
- get-token - get-token
- --oidc-issuer-url=https://auth2.k-space.ee/ - --oidc-issuer-url=https://auth2.k-space.ee/
- --oidc-client-id=oidc-gateway-kubelogin - --oidc-client-id=oidc-gateway.kubelogin
- --oidc-use-pkce - --oidc-use-pkce
- --oidc-extra-scope=profile,email,groups - --oidc-extra-scope=profile,email,groups
- --listen-address=127.0.0.1:27890 - --listen-address=127.0.0.1:27890