Kubectl authentication with OIDC

Kuberos is an OIDC authentication helper for Kubernetes’ kubectl

Parts of the Openshift series

  • Part1: Install K8S with ansible
  • Part2: Install K8S with kubeadm
  • Part3: Install ingress to K8S
  • Part4: Install metal-lb with K8S
  • Part5: Use ceph persistent volume with K8S
  • Part6: Use ceph CSI persistent volume with K8S
  • Part7: Use Helm with K8S
  • Part8: Use Tillerless Helm with K8S

    cat <<'EOF' > values.yaml
    replicaCount: 1
    
    kuberos:
      oidcClientURL: https://sso.mydomain.intra/auth/realms/mydomain
      oidcClientID: mydomain
      oidcSecret: ******************************
      clusters:
      - name: openshift
        apiServer: https://192.168.1.41:6443
        # `apiServer` is the url for kubectl
        #   This is typically  https://api.fqdn
        caCrt: |-
          -----BEGIN CERTIFICATE-----
          ...
          -----END CERTIFICATE-----
        # `caCrt` is the public / CA cert for the cluster
        # cat /etc/kubernetes/pki/apiserver.crt
    
    ingress:
      enabled: true
      annotations:
        kubernetes.io/tls-acme: "true"
        ingress.kubernetes.io/force-ssl-redirect: "true"
      path: /
      hosts:
        - kubectl.openshift.mydomain.intra
      tls:
        - secretName: default-cert
          hosts:
            - kubectl.openshift.mydomain.intra
    
    image:
      repository: negz/kuberos
      tag: ede4085
      pullPolicy: IfNotPresent
    
    service:
      type: ClusterIP
      port: 80
      annotations: {}
      # Add your service annotations here.
    
    resources: {}
    EOF
    
    helm install stable/kuberos --name kuberos --namespace kuberos -f values.yaml
    