Vamsi Jakkula

Reputation: 71

Configure kubernetes cluster to use OpenID Connect Authentication

I configured my Kubernetes cluster to use OpenID Connect authentication. I'm getting the error "error: You must be logged in to the server (Unauthorized)". I have

kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: admin-role
rules:
- apiGroups: ["*"]
  resources: ["*"]
  verbs: ["*"]

kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: admin-binding
subjects:
- kind: User
  name: [email protected]
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: admin-role

Below is the part of the configuration that I have added.

users:
- name: [email protected]
  user:
    auth-provider:
      config:
        client-id: XXXXXX
        client-secret: YYYYYYYYYY
        id-token: ZZZZZZZZZZZZZZ
        idp-issuer-url: https://accounts.google.com
        refresh-token: PPPPPPPPPPPPP
      name: oidc

Upvotes: 0

Views: 291

Answers (1)

Vamsi Jakkula

Reputation: 71

I now got the issue resolved. This step was missing.

sed -i "/- kube-apiserver/a\ - --oidc-issuer-url=https://accounts.google.com\n - --oidc-username-claim=email\n - --oidc-client-id=[YOUR_GOOGLE_CLIENT_ID]" /etc/kubernetes/manifests/kube-apiserver.yaml on master before.

Upvotes: 1
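
A diagnostic sketch for the failure discussed in this thread, added here as an example and not code from the original posts: it compares an id-token's claims with the `--oidc-*` flags in the kube-apiserver manifest and with the ClusterRoleBinding subject. The manifest text, the client id `example-client-id`, the user `user@example.com` and all function names are constructed assumptions; the token is decoded without signature verification, for troubleshooting only.

```python
import base64, json, re, time

def oidc_flags(manifest):
    """Collect the --oidc-* flags from a kube-apiserver static pod manifest."""
    return dict(re.findall(r"^\s*-\s+--(oidc-[a-z-]+)=(\S+)\s*$", manifest, re.M))

def jwt_claims(token):
    """Decode a JWT payload WITHOUT verifying the signature (troubleshooting only)."""
    payload = token.split(".")[1]
    return json.loads(base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4)))

def diagnose(manifest, id_token, rbac_user):
    """List the mismatches that end in 'Unauthorized' or in a user with no binding."""
    flags, claims = oidc_flags(manifest), jwt_claims(id_token)
    if "oidc-issuer-url" not in flags or "oidc-client-id" not in flags:
        return ["kube-apiserver has no OIDC issuer/client-id flags: id-tokens are rejected"]
    problems = []
    if claims.get("iss") != flags["oidc-issuer-url"]:
        problems.append("iss claim does not equal --oidc-issuer-url")
    aud = claims.get("aud")
    if flags["oidc-client-id"] not in (aud if isinstance(aud, list) else [aud]):
        problems.append("aud claim does not contain --oidc-client-id")
    if claims.get("exp", 0) <= time.time():
        problems.append("id-token is expired")
    # Only the page's email case is compared with the RBAC subject name.
    if flags.get("oidc-username-claim") == "email" and claims.get("email") != rbac_user:
        problems.append("email claim does not match the ClusterRoleBinding subject")
    return problems

def make_token(claims):  # constructed, unsigned demo token (not a real Google token)
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none"}), enc(claims), "constructed"])

# Constructed sample data: placeholder client id and user, far-future expiry.
BEFORE = """\
spec:
  containers:
  - command:
    - kube-apiserver
"""
AFTER = BEFORE + """\
    - --oidc-issuer-url=https://accounts.google.com
    - --oidc-username-claim=email
    - --oidc-client-id=example-client-id
"""
TOKEN = make_token({"iss": "https://accounts.google.com", "aud": "example-client-id",
                    "email": "user@example.com", "exp": 4102444800})

if __name__ == "__main__":
    print(diagnose(BEFORE, TOKEN, "user@example.com"), diagnose(AFTER, TOKEN, "user@example.com"))
```
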
