As a CSP customer, I want to get a kubeconfig in order to access the central API (securely) so that I can use it.
Most likely implemented by using a kubectl exec auth plugin that does OAuth2 Device Auth Flow.
Used https://github.com/int128/kubelogin (with some inspiration from a post) to log in to testbed in gx-scs.
Rough steps:
joshmue-kubectl
microprofile-jwt
email
k8s-viewer
```yaml
kind: Cluster
apiVersion: kind.x-k8s.io/v1alpha4
kubeadmConfigPatches:
- |-
  kind: ClusterConfiguration
  apiServer:
    extraArgs:
      oidc-client-id: joshmue-kubectl
      oidc-issuer-url: https://keycloak.testbed.osism.xyz/auth/realms/master
      oidc-username-claim: email
      oidc-groups-claim: groups
      oidc-ca-file: /usr/local/share/ca-certificates/osism.crt
nodes:
- role: control-plane
  extraMounts:
  - hostPath: /usr/local/share/ca-certificates
    containerPath: /usr/local/share/ca-certificates
    readOnly: true
- role: worker
```
ClusterRoleBinding
```sh
kubectl create clusterrolebinding keycloak --clusterrole view --user keycloak-admin@keycloak.testbed.osism.xyz
# OR
kubectl create clusterrolebinding keycloak --clusterrole view --group k8s-viewer
```
~/.kube/config
users
```yaml
users:
- name: kind-kind
  user:
    exec:
      apiVersion: client.authentication.k8s.io/v1beta1
      command: kubectl
      args:
      - oidc-login
      - get-token
      - --oidc-issuer-url=https://keycloak.testbed.osism.xyz/auth/realms/master
      - --oidc-client-id=joshmue-kubectl
```
KUBECONFIG
kubectl get pods
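A pre-flight check for the setup in the comment above, as an added example that is not part of the original issue or of kubelogin: it decodes an ID token's payload and derives the username and groups that the `oidc-*` flags would map it to, so they can be compared with the ClusterRoleBinding subjects. The helper names and the sample token are constructed for illustration, and the signature is deliberately not verified, so this is for diagnosing claim mismatches only.

```python
import base64
import json

# kube-apiserver flags copied from the kind config in the comment above
OIDC_FLAGS = {
    "oidc-issuer-url": "https://keycloak.testbed.osism.xyz/auth/realms/master",
    "oidc-client-id": "joshmue-kubectl",
    "oidc-username-claim": "email",
    "oidc-groups-claim": "groups",
}

def b64url(obj):
    """Encode a dict as an unpadded base64url JWT segment (builds the constructed sample)."""
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

def jwt_claims(token):
    """Decode the payload segment of a JWT. No signature check: diagnostics only."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64 padding
    return json.loads(base64.urlsafe_b64decode(payload))

def map_identity(claims, flags=OIDC_FLAGS):
    """Return (username, groups) the flags would yield, or raise ValueError naming the mismatch."""
    if claims.get("iss") != flags["oidc-issuer-url"]:
        raise ValueError("iss does not match oidc-issuer-url")
    aud = claims.get("aud")
    if flags["oidc-client-id"] not in ([aud] if isinstance(aud, str) else aud or []):
        raise ValueError("aud does not contain oidc-client-id")
    name_claim = flags["oidc-username-claim"]
    if name_claim not in claims:
        raise ValueError(f"missing username claim {name_claim!r}")
    # With the email claim, an email_verified claim that is present must be true.
    if name_claim == "email" and claims.get("email_verified", True) is not True:
        raise ValueError("email_verified is not true")
    groups = claims.get(flags["oidc-groups-claim"], [])
    groups = [groups] if isinstance(groups, str) else list(groups)
    return claims[name_claim], groups

# Constructed sample claims and unsigned token, for illustration only
SAMPLE_CLAIMS = {
    "iss": "https://keycloak.testbed.osism.xyz/auth/realms/master",
    "aud": "joshmue-kubectl",
    "email": "keycloak-admin@keycloak.testbed.osism.xyz", "email_verified": True,
    "groups": ["k8s-viewer"],
}
SAMPLE_TOKEN = ".".join([b64url({"alg": "none"}), b64url(SAMPLE_CLAIMS), ""])

if __name__ == "__main__":
    print(map_identity(jwt_claims(SAMPLE_TOKEN)))
```

The returned username and groups are the values that have to appear as `--user` or `--group` in the ClusterRoleBinding for `kubectl get pods` to be authorized.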
joshmue
Definition of Ready:
Definition of Done: