I'd like to enable Kubernetes webhook token authentication.
I'm expecting to get it working exactly the way it is described in the official documentation, webhook-token-authentication,
however, since I'm a complete newbie to Kubernetes, I'm struggling to understand what steps I should take in order to achieve my aim.
Precondition: I'm using minikube to test it locally.
The documentation says that I have to use --authentication-token-webhook-config-file, but I don't understand basic things such as:
minikube start --help it doesn't seem to support this flag.)
authentication.k8s.io/v1beta1 for minikube apiserver (required step)

There are a few steps which I took to tackle this:
1. Create valid YAML or JSON config files pointing to your auth/authz services.
2. Make sure your services are running via the HTTPS protocol (neither minikube nor Kubernetes will work through HTTP).
A dummy but simple way is to use Ngrok, which gives you
an https URI which routes to the service running on your machine. The command will look like:
ngrok protocol port -> ngrok http 4567
3. Finally, start minikube using the command
minikube start --extra-config apiserver.Authentication.WebHook.ConfigFile=/Users/username/auth.yml --extra-config apiserver.Authorization.Mode=Webhook --extra-config apiserver.Authorization.WebhookConfigFile=/Users/username/authz.yml
Note: By default minikube mounts your Users directory, therefore you can access config files over the /Users/username/path-to-file.yml
4. At last, add test-user to your kube config file with no certificates and try it out.
Run kubectl --context minikube-auth-test get pods
If everything was set up correctly, you'll get POST requests to your auth/authz services.
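
What the auth service from step 1 has to answer when those POST requests arrive, as an added example that is not part of the original answer: a minimal handler for the TokenReview (authentication.k8s.io/v1beta1) request the API server sends. The token table, the function names and the plain-HTTP listener on port 4567 (matching the ngrok command above) are assumptions for illustration.

```python
import hmac
import json
from http.server import BaseHTTPRequestHandler, HTTPServer

API_VERSION = "authentication.k8s.io/v1beta1"

# Constructed sample data (token -> identity); a real service queries its own store.
TOKENS = {
    "constructed-demo-token": {"username": "test-user", "uid": "1000",
                               "groups": ["developers"]},
}


def review_token(raw_body, tokens=TOKENS):
    """Return the TokenReview response for a request body sent by the API server."""
    denied = {"apiVersion": API_VERSION, "kind": "TokenReview",
              "status": {"authenticated": False}}
    try:
        req = json.loads(raw_body)
        if req["kind"] != "TokenReview":
            return denied
        presented = req["spec"]["token"].encode()
    except (ValueError, KeyError, TypeError, AttributeError):
        return denied  # fail closed on anything malformed
    user = None
    for known, identity in tokens.items():
        # Constant-time compare, and no early exit, so timing does not leak a match.
        if hmac.compare_digest(known.encode(), presented):
            user = identity
    if user is None:
        return denied
    return {"apiVersion": API_VERSION, "kind": "TokenReview",
            "status": {"authenticated": True, "user": user}}


class Handler(BaseHTTPRequestHandler):
    def do_POST(self):
        length = int(self.headers.get("Content-Length", 0))
        body = json.dumps(review_token(self.rfile.read(length))).encode()
        self.send_response(200)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)


if __name__ == "__main__":
    # Plain HTTP on localhost; the HTTPS endpoint comes from the tunnel in step 2.
    HTTPServer(("127.0.0.1", 4567), Handler).serve_forever()
```

An unknown or malformed token yields `status.authenticated: false`, which the API server treats as a failed authentication.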