oidc parameters are not being applied to kube-apiserver #11848

Closed
sandeep-ongit opened this issue Jan 2, 2025 · 1 comment
Labels
kind/bug Categorizes issue or PR as related to a bug.

sandeep-ongit commented Jan 2, 2025

What happened?

The OIDC parameters are not being applied to the kube-apiserver manifest.
These required variables are configured in group_vars/all.yml:

kube_oidc_auth: true
kube_oidc_url: https://[REDACTED]/auth/idp/k8sidp
kube_oidc_client_id: kubernetes
kube_oidc_username_claim: sub
kube_oidc_groups_claim: groups

I tried executing the cluster.yml and upgrade-cluster.yml playbooks, but no luck.
Note: These parameters are not being applied even on the first execution of cluster.yml (cluster creation).

What did you expect to happen?

The OIDC parameters should be applied to /etc/kubernetes/manifests/kube-apiserver.yaml

How can we reproduce it (as minimally and precisely as possible)?

This can be reproduced by configuring these OIDC parameters in the group_vars/all.yml file of the inventory folder
and then executing the cluster.yml or upgrade-cluster.yml playbook.

OS

Linux 5.15.0-130-generic x86_64
PRETTY_NAME="Ubuntu 22.04.5 LTS"
NAME="Ubuntu"
VERSION_ID="22.04"
VERSION="22.04.5 LTS (Jammy Jellyfish)"
VERSION_CODENAME=jammy
ID=ubuntu
ID_LIKE=debian
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
UBUNTU_CODENAME=jammy

Version of Ansible

ansible [core 2.16.10]
config file = /kubespray/ansible.cfg
configured module search path = ['/kubespray/library']
ansible python module location = /usr/local/lib/python3.10/dist-packages/ansible
ansible collection location = /root/.ansible/collections:/usr/share/ansible/collections
executable location = /usr/local/bin/ansible
python version = 3.10.12 (main, Jul 29 2024, 16:56:48) [GCC 11.4.0] (/usr/bin/python3)
jinja version = 3.1.4
libyaml = True

Version of Python

Python 3.10.12

Version of Kubespray (commit)

v2.26.0

Network plugin used

calico

Full inventory with variables

kube_oidc_auth: true
kube_oidc_url: https://[REDACTED]/auth/idp/k8sidp
kube_oidc_client_id: kubernetes
kube_oidc_username_claim: sub
kube_oidc_groups_claim: groups

Command used to invoke ansible

ansible-playbook -i /inventory/inventory.ini --private-key /root/.ssh/id_rsa -u ubuntu-user -b cluster.yml

Output of ansible run

[image attachment]

Anything else we need to know

No response

sandeep-ongit added the kind/bug label Jan 2, 2025
sandeep-ongit commented Jan 2, 2025

Similar case - #7786
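
One way to confirm the symptom reported above is to compare the inventory values with the `--oidc-*` arguments actually present in the text of /etc/kubernetes/manifests/kube-apiserver.yaml. This is an added example, not code from the issue or from Kubespray; the variable-to-flag mapping is an assumption, and the sample manifests and the issuer URL placeholder are constructed.

```python
import re

# Assumed variable-to-flag mapping; the flag names are real kube-apiserver options.
VAR_TO_FLAG = {
    "kube_oidc_url": "--oidc-issuer-url",
    "kube_oidc_client_id": "--oidc-client-id",
    "kube_oidc_username_claim": "--oidc-username-claim",
    "kube_oidc_groups_claim": "--oidc-groups-claim",
}
# Matches one container argument such as `- --oidc-client-id=kubernetes`.
ARG_RE = re.compile(r"""^\s*-\s*["']?(--oidc-[a-z-]+)=(.*?)["']?\s*$""")

def oidc_flags(manifest_text):
    """Return {flag: value} for every --oidc-* argument in the manifest text."""
    return {m.group(1): m.group(2)
            for m in map(ARG_RE.match, manifest_text.splitlines()) if m}

def check_oidc(manifest_text, inventory):
    """Return (variable, flag, problem) for each value the manifest lacks or alters."""
    present = oidc_flags(manifest_text)
    findings = []
    for var, flag in VAR_TO_FLAG.items():
        if var not in inventory:
            continue
        got = present.get(flag)
        if got is None:
            findings.append((var, flag, "missing"))
        elif got != str(inventory[var]):
            findings.append((var, flag, "mismatch: " + got))
    return findings

# Constructed inputs: the issuer URL is a placeholder, the other values are from the report.
INVENTORY = {
    "kube_oidc_url": "https://idp.example.invalid/auth/idp/k8sidp",
    "kube_oidc_client_id": "kubernetes",
    "kube_oidc_username_claim": "sub",
    "kube_oidc_groups_claim": "groups",
}
WITHOUT_OIDC = """spec:
  containers:
  - command:
    - kube-apiserver
    - --authorization-mode=Node,RBAC
"""
WITH_OIDC = WITHOUT_OIDC + "".join(
    "    - %s=%s\n" % (VAR_TO_FLAG[v], INVENTORY[v]) for v in INVENTORY)
if __name__ == "__main__":
    for var, flag, problem in check_oidc(WITHOUT_OIDC, INVENTORY):
        print("%s -> %s: %s" % (var, flag, problem))
```

An empty result means every configured value reached the manifest; an API server running without these flags does not accept OIDC tokens at all, so a "missing" finding is an availability problem for SSO users rather than a silent weakening of authentication.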
