I have configured OIDC with K8S. Now I would like to add multiple users who could use their Gmail credentials to access k8s. How can I do this?
Should I create separate Google credentials - client id and client secret? Or do I have to use the same secret and add users? I didn't find any relevant document to help me add multiple users.
You should use the same client id and secret id when generating a new token. But you should use another account. I would suggest opening an Incognito window while generating the token.
Then you should create a new cluster role binding for this Gmail account, for example:
$ kubectl create clusterrolebinding cluster-admin-user1 --clusterrole=cluster-admin --user=user1@gmail.com
$ kubectl create clusterrolebinding cluster-admin-user2 --clusterrole=cluster-admin --user=user2@gmail.com
...
$ kubectl create clusterrolebinding cluster-admin-userN --clusterrole=cluster-admin --user=userN@gmail.com
You can create the role bindings before generating the new tokens.
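
A declarative equivalent of the per-user `kubectl create clusterrolebinding` commands in the answer above, added here as an example and not part of the original post. It assumes the API server takes the username from the token's email claim (`--oidc-username-claim=email`); `render_binding` and `render_bindings` are hypothetical helper names, and the role is a parameter so a narrower built-in role such as `view` can be bound instead of `cluster-admin`.

```shell
# Added example: render one ClusterRoleBinding manifest per OIDC user.
# Assumption: kube-apiserver runs with --oidc-username-claim=email, so the
# RBAC subject name is the Google account's email address.

# render_binding ROLE EMAIL -> prints a YAML manifest, returns 1 on bad input
render_binding() {
    role=$1
    email=$2
    # Accept only plain role names and simple addresses so nothing can inject YAML.
    case $role in
        ''|*[!a-z0-9:.-]*) echo "invalid role: $role" >&2; return 1 ;;
    esac
    case $email in
        *[!A-Za-z0-9@._+-]*|*@*@*|@*|*@) echo "invalid user: $email" >&2; return 1 ;;
        *@*) ;;
        *) echo "invalid user: $email" >&2; return 1 ;;
    esac
    # Binding name from role and local part of the address, e.g. cluster-admin-user1
    name=$(printf '%s-%s' "$role" "${email%@*}" | tr 'A-Z' 'a-z' | tr -c 'a-z0-9.-' '-')
    cat <<EOF
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: "$name"
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: "$role"
subjects:
- apiGroup: rbac.authorization.k8s.io
  kind: User
  name: "$email"
EOF
}

# render_bindings ROLE EMAIL... -> manifests for all users, stops at the first bad one
render_bindings() {
    r=$1; shift
    for user in "$@"; do
        render_binding "$r" "$user" || return 1
    done
}

# Usage (constructed addresses): review the output, then pipe it to kubectl.
#   render_bindings cluster-admin user1@gmail.com user2@gmail.com | kubectl apply -f -
```

Keeping the rendered manifests in version control gives a reviewable record of who holds which role.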