Commit
Update setup.md
int128 authored Nov 1, 2019
1 parent 0257b24 commit 74108ad
Showing 1 changed file with 14 additions and 5 deletions.
19 changes: 14 additions & 5 deletions docs/setup.md
Expand Up @@ -5,7 +5,7 @@ Let's see the following steps:

1. Set up the OIDC provider
1. Verify authentication
1. Bind a role
1. Bind a cluster role
1. Set up the Kubernetes API server
1. Set up the kubeconfig
1. Verify cluster access
Expand Down Expand Up @@ -142,9 +142,9 @@ It will open the browser and you can log in to the provider.
Then it will show the instruction.


## 3. Bind a role
## 3. Bind a cluster role

Bind the `cluster-admin` role to you.
In this tutorial, bind the `cluster-admin` role to you.
Apply the following manifest:

```yaml
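Review bot: The reworded line "In this tutorial, bind the `cluster-admin` role to you." still gives the reader the most privileged built-in cluster role without saying what it grants. Suggest stating at that line that `cluster-admin` allows unrestricted access to every resource in the cluster and is used here only to keep the tutorial short. Also change "to you" to "to yourself".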
Expand All @@ -165,7 +165,7 @@ subjects:
kubectl apply -f oidc-cluster-admin.yaml
```

As well as you can create a custom role and bind it.
As well as you can create a custom cluster role and bind it.


## 4. Set up the Kubernetes API server
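Review bot: "As well as you can create a custom cluster role and bind it." is not grammatical and undersells the safer option. Suggest something like "Alternatively, create a custom cluster role with only the permissions you need and bind that instead.", so the least-privilege path reads as a real alternative to the binding applied by `kubectl apply -f oidc-cluster-admin.yaml`.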
Expand All @@ -188,14 +188,23 @@ spec:
oidcClientID: YOUR_CLIENT_ID
```

If you are using [kube-aws](https://github.com/kubernetes-incubator/kube-aws), append the following settings to the `cluster.yaml`:

```yaml
oidc:
enabled: true
issuerUrl: ISSUER_URL
clientId: YOUR_CLIENT_ID
```


## 5. Set up the kubeconfig

Add the following user to the kubeconfig:

```yaml
users:
- name: google
- name: oidc
user:
exec:
apiVersion: client.authentication.k8s.io/v1beta1
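Review bot: Renaming the kubeconfig user from `google` to `oidc` at `- name: oidc` leaves a dangling reference if any later step in this file still names the user `google`. Check that the context definition and the verification commands outside this hunk use `oidc` too. Separately, this hunk also adds the kube-aws `oidc:` block, which is unrelated to the rename. The commit message "Update setup.md" mentions neither change, so a short description of both would help anyone reading the history.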