Minikube 1.7.0 with OpenID and RBAC
In the article Kubernetes 1.6.1 Authentication via Google I explained how to create Google Application and generate kubernetes token. I found that people have problem and to help them to test OpenID token authorization I want to present Minikube solution. I assume this solution should remove problems with different host environments and networking issues.
I replaced Step 2 part in the article with minikube
command, before you start please finish first Step 1 and Step 3.
Here is replacement of Step 2
and short version of Step 4:
$ minikube start \
--extra-config=apiserver.Authorization.Mode=RBAC \
--extra-config=apiserver.Authentication.OIDC.IssuerURL=https://accounts.google.com \
--extra-config=apiserver.Authentication.OIDC.UsernameClaim=email \
--extra-config=apiserver.Authentication.OIDC.ClientID="123123123.apps.googleusercontent.com"
$ kubectl get no
NAME STATUS AGE VERSION
minikube Ready 8m v1.7.0
$ kubectl create clusterrolebinding cluster-admin-minikube --clusterrole=cluster-admin --user="user@exmaple.com"
$ kubectl get no --user="user@exmaple.com"
I found this approach easy to implement and good for testing applications on local environment with more close to production configurations and permissions.
Michael Nikitochkin is a Lead Software Engineer. Follow him on LinkedIn or GitHub.
If you enjoyed this story, we recommend reading our latest tech stories and trending tech stories.