Update README.md

This commit is contained in:
Hidetake Iwata
2018-08-14 16:33:00 +09:00
committed by GitHub
parent cfc6376f69
commit ea711f91b4


@@ -3,6 +3,13 @@
`kubelogin` is a command to get an OpenID Connect (OIDC) token for `kubectl` authentication.
## TL;DR
1. Setup your OpenID Connect provider, e.g. Google Identity Platform or Keycloak.
1. Setup your Kubernetes cluster.
1. Setup `kubectl` and `kubelogin`.
## Getting Started with Google Account
### 1. Setup Google API
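Review bot: All three items in the new TL;DR list use "Setup" as a verb; the verb form is "Set up" ("Setup" is the noun). The list also leaves out the role binding that the sections below still walk through, so a reader who follows only the TL;DR ends up with no role bound to the OIDC identity. Suggest folding it into item 2, for example "Set up your Kubernetes cluster and bind a role to your user or group."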
@@ -12,10 +19,9 @@ Open [Google APIs Console](https://console.developers.google.com/apis/credential
- Application Type: Web application
- Redirect URL: `http://localhost:8000/`
### 2. Setup Kubernetes API Server
Setup the Kubernetes API Server accepts an ID token.
### 2. Setup Kubernetes cluster
Configure your Kubernetes API Server accepts [OpenID Connect Tokens](https://kubernetes.io/docs/reference/access-authn-authz/authentication/#openid-connect-tokens).
If you are using [kops](https://github.com/kubernetes/kops), run `kops edit cluster` and append the following settings:
```yaml
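Review bot: The sentence under the renamed "### 2. Setup Kubernetes cluster" heading, "Configure your Kubernetes API Server accepts [OpenID Connect Tokens]", is missing "to" and should read "Configure your Kubernetes API server to accept [OpenID Connect Tokens](...)". The link to the Kubernetes authentication docs is a good addition; it would help to say in the same sentence that the issuer URL and client ID shown in the kops snippet are the values the API server validates the ID token against.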
@@ -25,8 +31,6 @@ spec:
oidcClientID: YOUR_CLIENT_ID.apps.googleusercontent.com
```
### 3. Assign a role
Here assign the `cluster-admin` role to your user.
```yaml
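Review bot: With the "### 3. Assign a role" heading dropped (the next step is renumbered from 4 to 3), the sentence "Here assign the `cluster-admin` role to your user." now sits directly under "2. Setup Kubernetes cluster" with nothing marking it as a separate action. Since this is the step that grants privileges, keep it visible, either by retaining a sub-heading or by opening with "Then bind a role to your user". It is also worth one sentence noting that `cluster-admin` is used here for the walkthrough and that a narrower role can be bound the same way.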
@@ -43,7 +47,7 @@ subjects:
name: https://accounts.google.com#1234567890
```
### 4. Setup kubectl and kubelogin
### 3. Setup kubectl and kubelogin
Setup `kubectl` to authenticate with your identity provider.
@@ -55,6 +59,8 @@ kubectl config set-credentials CLUSTER_NAME \
--auth-provider-arg client-secret=YOUR_CLIENT_SECRET
```
Download [the latest release](https://github.com/int128/kubelogin/releases) and save it.
Run `kubelogin` and open http://localhost:8000 in your browser.
```
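Review bot: "Download [the latest release] and save it." does not say where to save the binary or that it needs to be executable, yet the next line tells the reader to "Run `kubelogin`". Suggest something like "save it as `kubelogin` in a directory on your `PATH` and make it executable". If the releases page provides checksums, this is also the place to tell readers to verify the download before running it.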
@@ -106,10 +112,9 @@ Create an OIDC client as follows:
Then create a group `kubernetes:admin` and join to it.
### 2. Setup Kubernetes API Server
Setup the Kubernetes API Server accepts an ID token.
### 2. Setup Kubernetes cluster
Configure your Kubernetes API Server accepts [OpenID Connect Tokens](https://kubernetes.io/docs/reference/access-authn-authz/authentication/#openid-connect-tokens).
If you are using [kops](https://github.com/kubernetes/kops), run `kops edit cluster` and append the following settings:
```yaml
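Review bot: The Keycloak section repeats the "### 2. Setup Kubernetes cluster" heading and the "Configure your Kubernetes API Server accepts ..." sentence word for word from the Google section, including the missing "to". Any wording fix needs to land in both places; consider stating the shared sentence once and keeping only the provider-specific kops settings in each section.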
@@ -120,8 +125,6 @@ spec:
oidcGroupsClaim: groups
```
### 3. Assign a role
Here assign the `cluster-admin` role to the `kubernetes:admin` group.
```yaml
@@ -138,7 +141,7 @@ subjects:
name: /kubernetes:admin
```
### 4. Setup kubectl and kubelogin
### 3. Setup kubectl and kubelogin
Setup `kubectl` to authenticate with your identity provider.
@@ -150,7 +153,10 @@ kubectl config set-credentials CLUSTER_NAME \
--auth-provider-arg client-secret=YOUR_CLIENT_SECRET
```
Download [the latest release](https://github.com/int128/kubelogin/releases) and save it.
Run `kubelogin` and make sure you can access to the cluster.
See the previous section for details.
## Tips
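Review bot: "See the previous section for details." is ambiguous in the Keycloak walkthrough, because the section immediately before it is the Keycloak cluster setup, not the Google one that contains the detailed `kubelogin` run. Refer to it by name, for example "See [Getting Started with Google Account] for details." Also, "make sure you can access to the cluster" should be "make sure you can access the cluster".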