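Configuring a Kubernetes cluster to use OpenID Connect authentication

Time: 2020-06-20 15:55:12

Tags: kubernetes openid-connect

I configured my Kubernetes cluster to use OpenID Connect authentication. I am getting the error "error: You must be logged in to the server (Unauthorized)". I have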

kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: admin-role
rules:
- apiGroups: ["*"]
  resources: ["*"]
  verbs: ["*"]
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: admin-binding
subjects:
- kind: User
  name: krishnavamsi@gmail.com
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: admin-role

Below is part of the config I added.

users:
- name: krishnavamsi@gmail.com
  user:
    auth-provider:
      config:
        client-id: XXXXXX
        client-secret: YYYYYYYYYY
        id-token: ZZZZZZZZZZZZZZ
        idp-issuer-url: https://accounts.google.com
        refresh-token: PPPPPPPPPPPPP
      name: oidc

1 answer:

Answer 0: (score: 1)

I have solved the problem now. This step was missing.

sed -i "/- kube-apiserver/a\    - --oidc-issuer-url=https://accounts.google.com\n    - --oidc-username-claim=email\n    - --oidc-client-id=[YOUR_GOOGLE_CLIENT_ID]" /etc/kubernetes/manifests/kube-apiserver.yaml

on the master server.
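
Once the three `--oidc-*` flags from the answer are set, the API server checks the kubeconfig `id-token` against them, and the username claim must equal the `User` name in the ClusterRoleBinding. The following check is an added example, not part of the original question or answer; the function names and sample claims are hypothetical, the token is constructed and unsigned, and the signature is not verified.

```python
import base64
import json
import time

def jwt_claims(id_token):
    """Decode the payload segment of a JWT. The signature is NOT verified here."""
    payload = id_token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def oidc_mismatches(id_token, issuer_url, client_id, username_claim, rbac_user, now=None):
    """List the reasons this token would fail authentication or miss the RBAC subject."""
    claims = jwt_claims(id_token)
    now = time.time() if now is None else now
    problems = []
    if claims.get("iss") != issuer_url:
        problems.append("iss does not equal --oidc-issuer-url")
    aud = claims.get("aud")
    if client_id not in (aud if isinstance(aud, list) else [aud]):
        problems.append("aud does not contain --oidc-client-id")
    if claims.get("exp", 0) <= now:
        problems.append("token expired; refresh the id-token")
    if username_claim not in claims:
        problems.append("claim named by --oidc-username-claim is missing")
    elif claims[username_claim] != rbac_user:
        problems.append("username claim does not equal the ClusterRoleBinding subject")
    if username_claim == "email" and claims.get("email_verified") is False:
        problems.append("email_verified is false")
    return problems

def make_sample_token(claims):
    """Build an unsigned token from constructed claims (demonstration input only)."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "RS256", "typ": "JWT"}), enc(claims), "c2lnbmF0dXJl"])

# Constructed sample values; none of them come from the original question.
SAMPLE_CLAIMS = {"iss": "https://accounts.google.com", "aud": "example-client-id",
                 "email": "user@example.com", "email_verified": True, "exp": 2000000000}

if __name__ == "__main__":
    stale = dict(SAMPLE_CLAIMS, aud="some-other-client", exp=1)
    for label, c in (("matching", SAMPLE_CLAIMS), ("stale", stale)):
        print(label, oidc_mismatches(make_sample_token(c), "https://accounts.google.com",
                                     "example-client-id", "email", "user@example.com"))
```

An empty list means the claims line up with the flags and the binding; it does not prove the token's signature is valid.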