I have installed K8S using minikube on an Ubuntu 16.04 machine with the VirtualBox driver.
I am confused by the various documents related to this topic. Some say it is not possible with minikube, but minikube documents that it is suitable for test purposes. So I believe that maybe there is a way to achieve OIDC authentication with minikube. Is there any link for this which I can follow?
I want to enable OIDC in my production environment. But as I am not familiar with K8S, I thought minikube would be ideal to test the feature first. That is the reason I want to know if minikube will support OIDC. If yes, I can make changes here and then replicate the same in my production environment.
I have referred to the official documentation, but it does not give a detailed explanation of how to obtain the OIDC parameters and which files are to be modified.
Now that I have spent time on this, I am answering this question so that it can help someone. The answer is YES. Minikube provides a k8s setup which supports OIDC-based authentication. I have been able to configure it. So here are some details on how I configured the kube-apiserver parameters.
minikube start \
  --extra-config=apiserver.Authorization.Mode=RBAC \
  --extra-config=apiserver.Authentication.OIDC.IssuerURL=https://accounts.google.com \
  --extra-config=apiserver.Authentication.OIDC.UsernameClaim=email \
  --extra-config=apiserver.Authentication.OIDC.ClientID="client_id"
Also use the k8s-oidc-helper tool and get the refresh-token, id_token and other essential parameters. Then append the contents to the ~/.kube/config file and add the path for the api-server certificate and key. The user is now registered and can use a Gmail ID to log in to k8s.
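
An added example, not part of the original answer or of k8s-oidc-helper: a preflight check that decodes the id_token before it goes into ~/.kube/config and compares its claims against the IssuerURL, ClientID and UsernameClaim values passed to minikube above. The function names and the sample token are hypothetical and constructed for the demo, and the script does not verify the token signature (the kube-apiserver does that against the issuer's keys).

```python
import base64
import json
import time

# Values taken from the minikube flags above; CLIENT_ID is the same placeholder.
ISSUER_URL = "https://accounts.google.com"
CLIENT_ID = "client_id"
USERNAME_CLAIM = "email"

def decode_claims(id_token):
    """Return the JWT payload as a dict. The signature is NOT verified here."""
    parts = id_token.split(".")
    if len(parts) != 3:
        raise ValueError("id_token must have three dot-separated segments")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def preflight(id_token, now=None):
    """List the claim mismatches that would make the API server reject the token."""
    now = time.time() if now is None else now
    claims = decode_claims(id_token)
    problems = []
    if claims.get("iss") != ISSUER_URL:
        problems.append("iss does not match IssuerURL")
    aud = claims.get("aud")
    audiences = aud if isinstance(aud, list) else [aud]  # aud may be str or list
    if CLIENT_ID not in audiences:
        problems.append("aud does not contain ClientID")
    if not claims.get(USERNAME_CLAIM):
        problems.append("missing username claim: " + USERNAME_CLAIM)
    if USERNAME_CLAIM == "email" and claims.get("email_verified") is False:
        problems.append("email_verified is false")
    if claims.get("exp", 0) <= now:
        problems.append("token expired")
    return problems

def make_sample_token(claims):
    """Build an unsigned, constructed token for the demo (not a real Google token)."""
    def b64(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([b64({"alg": "none"}), b64(claims), "sig"])

if __name__ == "__main__":
    good = {"iss": ISSUER_URL, "aud": CLIENT_ID, "email": "user@example.com",
            "email_verified": True, "exp": time.time() + 3600}
    print(preflight(make_sample_token(good)))                       # no problems
    print(preflight(make_sample_token(dict(good, aud="other", exp=0))))
```

An empty list means the claims line up with the API server flags; an expired token points at the refresh-token entry in ~/.kube/config.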