From 19d61e70a9f10f1b2ea916cd553f01f84c7225d5 Mon Sep 17 00:00:00 2001 From: Hidetake Iwata Date: Sun, 26 Jan 2025 16:04:14 +0900 Subject: [PATCH] Fix client secret description (#1265) --- docs/setup.md | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/docs/setup.md b/docs/setup.md index c16e058..bea0176 100644 --- a/docs/setup.md +++ b/docs/setup.md @@ -68,6 +68,8 @@ Replace the following variables in the later sections. | `ISSUER_URL` | `https://keycloak.example.com/auth/realms/YOUR_REALM` | | `YOUR_CLIENT_ID` | `YOUR_CLIENT_ID` | +`YOUR_CLIENT_SECRET` is not required for this configuration. + ### Dex with GitHub You can log in with a GitHub account. @@ -130,7 +132,7 @@ Replace the following variables in the later sections. | `ISSUER_URL` | `https://YOUR_ORGANIZATION.okta.com` | | `YOUR_CLIENT_ID` | random string | -You do not need to set `YOUR_CLIENT_SECRET`. +`YOUR_CLIENT_SECRET` is not required for this configuration. If you need `groups` claim for access control, see [jetstack/okta-kubectl-auth](https://github.com/jetstack/okta-kubectl-auth/blob/master/docs/okta-setup.md) and [#250](https://github.com/int128/kubelogin/issues/250). @@ -163,9 +165,10 @@ Run the following command: kubectl oidc-login setup \ --oidc-issuer-url=ISSUER_URL \ --oidc-client-id=YOUR_CLIENT_ID - --oidc-client-secret=YOUR_CLIENT_SECRET ``` +If your provider requires a client secret, add `--oidc-client-secret=YOUR_CLIENT_SECRET`. + It launches the browser and navigates to `http://localhost:8000`. Please log in to the provider. @@ -207,9 +210,10 @@ kubectl config set-credentials oidc \ --exec-arg=get-token \ --exec-arg=--oidc-issuer-url=ISSUER_URL \ --exec-arg=--oidc-client-id=YOUR_CLIENT_ID - --exec-arg=--oidc-client-secret=YOUR_CLIENT_SECRET ``` +If your provider requires a client secret, add `--oidc-client-secret=YOUR_CLIENT_SECRET`. + ## 6. Verify cluster access Make sure you can access the Kubernetes cluster.