Skip to content
This repository has been archived by the owner on Apr 4, 2023. It is now read-only.

jetstack/okta-kubectl-auth

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

19 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Okta auth plugin for kubectl

Setup

Okta

For instructions on how to set up an Okta application that uses the OIDC flow to expose user groups as JWT claims, refer to okta-setup.

okta-kubectl-auth

Once you have compiled and installed okta-kubectl-auth and created your Okta application we can use it to authenticate.

  • In the Okta console, browse to your application and on the General tab, copy your application's ClientID and Client secret
  • Browse to Security, API and copy the Issuer URI from your authorisation server

We can now run okta-kubectl-auth as follows:

okta-kubectl-auth --client-id=<client-id> --client-secret=<client-secret> --base-domain=<issuer-uri>

Follow the instructions printed by okta-kubectl-auth to complete the setup process.

kubectl

okta-kubectl-auth will output the required kubectl configuration after authentication.

apiserver

okta-kubectl-auth will output the required apiserver configuration flags after authentication. For further details, refer to the Kubernetes documentation here.

Add RBAC rules

For details on using RBAC resources in Kubernetes, refer to the Kubernetes documentation here. Note that if you configure the apiserver with the flags outputted by okta-kubectl-auth, the username and group attributes associated with request will be prepended with okta:.

Other resources