epostnikof/kubespray
1
0
Fork 0
mirror of https://github.com/kubernetes-sigs/kubespray.git synced 2026-02-28 09:39:12 +03:00
Code Issues Packages Projects Releases Wiki Activity

Added Support for OpenID Connect Authentication

Browse Source 
To use OpenID Connect Authentication beside deploying an OpenID Connect
Identity Provider it is necesarry to pass additional arguments to the Kube API Server.
These required arguments were added to the kube apiserver manifest.
This commit is contained in:
Vincent Schwarzer
2017-02-27 13:24:21 +01:00
parent 85596c2610
commit b075960e3b
3 changed files with 36 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
inventory/group_vars/k8s-cluster.yml
View File

@@ -57,6 +57,19 @@ kube_users:
pass: "{{kube_api_pwd}}"
role: admin
## Variables for OpenID Connect Configuration https://kubernetes.io/docs/admin/authentication/
## To use OpenID you have to deploy additional an OpenID Provider (e.g Dex, Keycloak, ...)
# kube_oidc_auth: false
# kube_oidc_url: https:// ...
# kube_oidc_client_id: kubernetes
## Optional settings for OIDC
# kube_oidc_ca_file: {{ kube_cert_dir }}/ca.pem
# kube_oidc_username_claim: sub
# kube_oidc_groups_claim: groups
# Choose network plugin (calico, weave or flannel)
# Can also be set to 'cloud', which lets the cloud provider setup appropriate routing
kube_network_plugin: calico