should add docs how to get SSO work with Dex #11
Comments
for Dex, we can use: https://github.com/mintel/dex-k8s-authenticator/tree/master/charts |
ref for tls https://gist.github.com/Soarez/9688998 |
if we can get https://github.com/gini/dexter to work with dex instead of just google accounts, then it should be great, I guess it should not be difficult because dex and google accounts are technically the same OIDC providers. |
https://github.com/int128/kubelogin can be used |
these are some notes from Dex's docs: https://github.com/dexidp/dex/blob/master/Documentation/kubernetes.md
$ kubectl create namespace dex
$ kubectl create clusterrolebinding dex-cluster-admin --clusterrole=cluster-admin --serviceaccount=dex:default
$ kubectl create secret tls auth.k8s.local.tls --cert=ssl/cert.pem --key=ssl/key.pem --namespace=dex
kubectl create secret
kubectl create -f dex.yaml --namespace=dex
$ ./bin/example-app --issuer https://auth.k8s.local:32000 --issuer-root-ca examples/k8s/ssl/ca.pem
$ token=''
kubectl config set-credentials hoatle@teracy.com |
this way is better by deploying dex (auth.k8s.local) and dex-k8s-authenticator (login.k8s.local) helm charts, so make sure to configure these domain aliases (see https://github.com/teracyhq-incubator/teracy-dev-entry-k8s#domain-aliases)

auth.k8s.local Dex Deployment
And then adjust the
Create a GitHub OAuth app to fill in the client id and client secret, and make sure the redirect URI matches. You can use
Then deploy it:
After that,
Configure the k8s api server

Set the ansible config, through the
After that,

login.k8s.local Dex K8s Authenticator Deployment
Fill in the details, for example:
After that:
and open https://login.k8s.local for instructions.
Remember to assign roles for the authenticated users and follow the login instructions to access the k8s cluster, for example:
|
This setup should work similarly with other OIDC providers (keycloak, for example) |
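
A claim check for the case where the API server rejects a token issued by Dex, as an added example that is not part of the original thread or of the Dex or Kubernetes projects: it decodes an ID token and compares it with the values passed to kube-apiserver's `--oidc-issuer-url`, `--oidc-client-id` and `--oidc-username-claim` flags. The issuer and user are taken from the comments above; the client id, the function names and the sample token are constructed assumptions.

```python
import base64
import json
import time

def decode_claims(id_token):
    """Decode the JWT payload WITHOUT verifying the signature (inspection only)."""
    payload = id_token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore the stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def check_claims(claims, issuer_url, client_id, username_claim="email", now=None):
    """Return mismatches between the claims and the API server's OIDC settings."""
    now = time.time() if now is None else now
    problems = []
    # The issuer is compared as an exact string, so a trailing "/" or a
    # different port is enough to make the token unusable.
    if claims.get("iss") != issuer_url:
        problems.append("iss %r != --oidc-issuer-url %r" % (claims.get("iss"), issuer_url))
    aud = claims.get("aud", [])
    if client_id not in ([aud] if isinstance(aud, str) else aud):
        problems.append("aud %r lacks --oidc-client-id %r" % (aud, client_id))
    if claims.get("exp", 0) <= now:
        problems.append("token expired")
    if not claims.get(username_claim):
        problems.append("missing --oidc-username-claim %r" % username_claim)
    if username_claim == "email" and claims.get("email_verified") is False:
        problems.append("email_verified is false")
    return problems

def make_sample_token(claims):
    """Build an UNSIGNED, constructed token for the demo below."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none"}), enc(claims), ""])

# Constructed sample values: the client id is a placeholder, not a real one.
ISSUER = "https://auth.k8s.local:32000"
CLIENT_ID = "example-client-id"
SAMPLE = {"iss": ISSUER, "aud": CLIENT_ID, "exp": 2000000000,
          "email": "hoatle@teracy.com", "email_verified": True}

if __name__ == "__main__":
    good = decode_claims(make_sample_token(SAMPLE))
    print(check_claims(good, ISSUER, CLIENT_ID, now=1700000000))
    bad = decode_claims(make_sample_token(dict(SAMPLE, iss=ISSUER + "/")))
    print(check_claims(bad, ISSUER, CLIENT_ID, now=1700000000))
```

This only inspects claims; signature verification against the issuer's keys is still done by the API server itself.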
https://github.com/coreos/dex
so that we can manage users, it's expected that this SSO service will be used for both k8s and other services on top of k8s (think about service mesh integration, eg: https://istio.io/)