-
Notifications
You must be signed in to change notification settings - Fork 29
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Auth fails with okta SSO auth provider #15
Comments
Added cmd-path: kubectl and cmd-args: get secrets -o jsonpath="{.items[?(@.metadata.annotations['kubernetes.io/service-account.name']=='default')].data.token}" to derive a token using the standard token_from_auth_provider method, but it is getting 404 auth failed after that. |
However, this does work with curl:
|
I had left out the base64 decoding! This is now workitng with cmd-path: ~/bin/get_kube_token.sh, with this file being:
|
When using .kube/config which describes okta auth, K8s::Client fails with
When I tracked this down, transport.rb:76 is dispatching this to the self.token_from_auth_provider(auth_provider) method, which expects a 'cmd-path' key to exist; however, in my configuration, that does not exist:
^ This is from introspecting with a binding.pry on line 79 of transport.rb. I suppose this means there's no default support for idp / saml auth yet in k8s-client. I've done some cursory research into ruby-saml and ruby-saml-idp but not yet figured out how to get the information necessary to auth with them. Will continue researching as I can, and track in this issue.
The text was updated successfully, but these errors were encountered: