title | linkTitle | weight | date | description |
---|---|---|---|---|
OpenID Connect Authentication | OpenID Connect Authentication | 1 | 2018-01-02 | Configuring minikube to use OpenID Connect Authentication |

The `kube-apiserver` in minikube can be configured to support OpenID Connect Authentication.

Read more about OpenID Connect Authentication for Kubernetes here: https://kubernetes.io/docs/reference/access-authn-authz/authentication/#openid-connect-tokens

Configuration values can be passed to the API server using the `--extra-config` flag on the `minikube start` command. See configuring_kubernetes.md for more details.

The following example configures your minikube cluster to support RBAC and OIDC:

```shell
minikube start \
  --extra-config=apiserver.authorization-mode=RBAC \
  --extra-config=apiserver.oidc-issuer-url=https://example.com \
  --extra-config=apiserver.oidc-username-claim=email \
  --extra-config=apiserver.oidc-client-id=kubernetes-local
```

You can use the kubectl `oidc` authenticator to create a kubeconfig as shown in the Kubernetes docs: https://kubernetes.io/docs/reference/access-authn-authz/authentication/#option-1-oidc-authenticator

`minikube start` already creates a kubeconfig that includes a `cluster`. To use that cluster with your `oidc` authenticator kubeconfig, run:

```shell
kubectl config set-context kubernetes-local-oidc --cluster=minikube --user [email protected]
Context "kubernetes-local-oidc" created.
kubectl config use-context kubernetes-local-oidc
```

For the new context to work you will need to create, at the very minimum, a `Role` and a `RoleBinding` in your cluster to grant permissions to the `subjects` included in your `oidc-username-claim`.
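
A minimal `Role` and `RoleBinding` for the configuration above, as an added example that is not part of the original minikube documentation. Because the API server was started with `oidc-username-claim=email`, the RBAC subject name is the token's `email` value with no prefix. The names `pod-reader` and `read-pods`, the user `jane@example.com`, the file name `oidc-rbac.yaml` and the `default` namespace are constructed placeholders, and `minikube` is assumed to be the admin context name (the default profile name).

```yaml
# Added example: grants read-only access to pods in one namespace to a single
# OIDC-authenticated user. All names below are constructed placeholders.
#
# Apply with the admin context created by `minikube start`, because the OIDC
# user has no permissions until this binding exists:
#   kubectl --context=minikube apply -f oidc-rbac.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  namespace: default
  name: pod-reader
rules:
  - apiGroups: [""]                  # "" is the core API group
    resources: ["pods"]
    verbs: ["get", "list", "watch"]  # read-only; no create/update/delete
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  namespace: default
  name: read-pods
subjects:
  - kind: User
    # Must match the `email` claim in the ID token exactly (case-sensitive).
    name: jane@example.com
    apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: Role
  name: pod-reader
  apiGroup: rbac.authorization.k8s.io
# Verify the grant from the admin context, without an OIDC login:
#   kubectl --context=minikube auth can-i list pods --as=jane@example.com -n default
#   kubectl --context=minikube auth can-i delete pods --as=jane@example.com -n default
# The first should answer "yes", the second "no".
```

Prefer a namespaced `Role` over a `ClusterRole` here so that a mistyped or over-broad subject cannot reach resources outside the one namespace.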