External OIDC provider with GKE

9/14/2018

I have two Kubernetes clusters in datacenters and I'm looking to create a third in public cloud. Both of my clusters use Azure AD for authentication by way of OIDC. I start my API server with the following:

--oidc-issuer-url=https://sts.windows.net/TENANT_ID/
--oidc-client-id=spn:CLIENT_ID
--oidc-username-claim=upn

I created a Kubernetes cluster on GKE, and I'm trying to figure out how to use my OIDC provider there. I know that GKE fully manages the control plane.

Is it possible to customize a GKE cluster to use my own OIDC provider, which is Azure AD in this case?

-- Daniel Watrous
azure
google-cloud-platform
google-kubernetes-engine
kubernetes
openid-connect
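As an added example that is not part of the question or the answer, the Go program below shows what the three API-server flags in the question make kube-apiserver check on every bearer token before it trusts the identity in it: an RS256 signature against the issuer's key, an exact match on iss, an aud that contains the configured client ID, an unexpired exp, and a non-empty value in the claim named by --oidc-username-claim. The RSA key pair, the placeholder issuer and client ID, and the upn value are all constructed here; a real API server does not take a public key as a parameter but fetches the issuer's signing keys from the JWKS endpoint it discovers at the issuer URL, which this offline example skips.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
	"time"
)

// OIDCConfig mirrors the three kube-apiserver flags from the question.
type OIDCConfig struct {
	IssuerURL     string // --oidc-issuer-url
	ClientID      string // --oidc-client-id
	UsernameClaim string // --oidc-username-claim
}

func b64(b []byte) string { return base64.RawURLEncoding.EncodeToString(b) }

// SignRS256 produces a compact JWS (header.payload.signature) the way an OIDC
// provider would, using RSASSA-PKCS1-v1_5 over SHA-256 ("alg": "RS256").
// It stands in for Azure AD here; it is not Azure AD's own code.
func SignRS256(key *rsa.PrivateKey, claims map[string]any) (string, error) {
	hdr, _ := json.Marshal(map[string]string{"alg": "RS256", "typ": "JWT"})
	body, err := json.Marshal(claims)
	if err != nil {
		return "", err
	}
	signingInput := b64(hdr) + "." + b64(body)
	digest := sha256.Sum256([]byte(signingInput))
	sig, err := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, digest[:])
	if err != nil {
		return "", err
	}
	return signingInput + "." + b64(sig), nil
}

// Authenticate applies the checks the API server makes for a token presented
// under the OIDC flags, and returns the username taken from cfg.UsernameClaim.
// issuerKey is assumed to be the issuer's current signing key (a real server
// obtains it from the issuer's JWKS document).
func Authenticate(cfg OIDCConfig, issuerKey *rsa.PublicKey, token string, now time.Time) (string, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return "", errors.New("malformed token")
	}
	hdrJSON, err := base64.RawURLEncoding.DecodeString(parts[0])
	if err != nil {
		return "", err
	}
	var hdr struct {
		Alg string `json:"alg"`
	}
	// Pin the algorithm: never let the token choose "none" or an HMAC alg.
	if err := json.Unmarshal(hdrJSON, &hdr); err != nil || hdr.Alg != "RS256" {
		return "", errors.New("unsupported or missing alg")
	}
	sig, err := base64.RawURLEncoding.DecodeString(parts[2])
	if err != nil {
		return "", err
	}
	digest := sha256.Sum256([]byte(parts[0] + "." + parts[1]))
	if err := rsa.VerifyPKCS1v15(issuerKey, crypto.SHA256, digest[:], sig); err != nil {
		return "", errors.New("signature does not verify against issuer key")
	}
	payload, err := base64.RawURLEncoding.DecodeString(parts[1])
	if err != nil {
		return "", err
	}
	var claims map[string]any
	if err := json.Unmarshal(payload, &claims); err != nil {
		return "", err
	}
	if iss, _ := claims["iss"].(string); iss != cfg.IssuerURL {
		return "", fmt.Errorf("issuer %q is not the configured issuer", iss)
	}
	if !audienceContains(claims["aud"], cfg.ClientID) {
		return "", fmt.Errorf("audience %v does not include %q", claims["aud"], cfg.ClientID)
	}
	exp, ok := claims["exp"].(float64) // JSON numbers decode as float64
	if !ok || !now.Before(time.Unix(int64(exp), 0)) {
		return "", errors.New("token expired or has no exp")
	}
	user, _ := claims[cfg.UsernameClaim].(string)
	if user == "" {
		return "", fmt.Errorf("username claim %q missing", cfg.UsernameClaim)
	}
	return user, nil
}

// audienceContains accepts both RFC 7519 forms of aud: a string or a list.
func audienceContains(aud any, want string) bool {
	switch v := aud.(type) {
	case string:
		return v == want
	case []any:
		for _, a := range v {
			if s, ok := a.(string); ok && s == want {
				return true
			}
		}
	}
	return false
}

func main() {
	cfg := OIDCConfig{IssuerURL: "https://sts.windows.net/TENANT_ID/", ClientID: "spn:CLIENT_ID", UsernameClaim: "upn"}
	key, _ := rsa.GenerateKey(rand.Reader, 2048) // constructed issuer key, not Azure AD's
	now := time.Now()
	// Constructed claims shaped like the question's setup; not a real token.
	tok, _ := SignRS256(key, map[string]any{"iss": cfg.IssuerURL, "aud": cfg.ClientID, "upn": "alice@example.com", "exp": now.Add(time.Hour).Unix()})
	user, err := Authenticate(cfg, &key.PublicKey, tok, now)
	fmt.Println(user, err)
}
```

The order of checks matters: the signature is verified before any claim is read, so an attacker-controlled payload never influences which issuer or audience gets compared. The spn: prefix on the client ID is kept exactly as the question has it, because with the sts.windows.net (v1) issuer the aud in the token must match that string byte for byte.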

1 Answer

9/14/2018

With GKE, you have no access to modify the API server outside of the cluster creation options. So you won't be able to configure this using the fully managed GKE product.

This would be worth submitting a feature request for though.

-- Patrick W
Source: StackOverflow