配置 kubernetes 集群使用 OpenID Connect 认证
[英]Configure kubernetes cluster to use OpenID Connect Authentication
问题描述
Configured my kubernetes cluster to use OpenID Connect Authentication.
将我的 kubernetes 集群配置为使用 OpenID Connect 身份验证。 i'm getting the error as "error: You must be logged in to the server (Unauthorized)".我收到错误为“错误:您必须登录到服务器(未经授权)”。 I have我有
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: admin-role
rules:
- apiGroups: ["*"]
resources: ["*"]
verbs: ["*"]
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: admin-binding
subjects:
- kind: User
name: krishnavamsi@gmail.com
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: admin-role
Below is the part of the configuration that i have added.以下是我添加的配置部分。
users:
- name: krishnavamsi@gmail.com
user:
auth-provider:
config:
client-id: XXXXXX
client-secret: YYYYYYYYYY
id-token: ZZZZZZZZZZZZZZ
idp-issuer-url: https://accounts.google.com
refresh-token: PPPPPPPPPPPPP
name:oidc
1 个解决方案
解决方案1
1 2020-06-28 13:50:23
I now got the issue resolved.我现在解决了这个问题。 This step was missing.缺少这一步。
sed -i "/- kube-apiserver/a\ - --oidc-issuer-url=https://accounts.google.com\n - --oidc-username-claim=email\n - --oidc-client-id=[YOUR_GOOGLE_CLIENT_ID]" /etc/kubernetes/manifests/kube-apiserver.yaml on master before. sed -i "/- kube-apiserver/a\ - --oidc-issuer-url=https://accounts.google.com\n - --oidc-username-claim=email\n - --oidc-client -id=[YOUR_GOOGLE_CLIENT_ID]" /etc/kubernetes/manifests/kube-apiserver.yaml 之前在 master 上。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.