Add support for login with kubelogin #188
This MR adds support for the kubelogin helper. The helper handles the OIDC flow through a local webserver and makes refreshing the OIDC token easier.
Change already rolled out to our existing clusters.
Setup
# Homebrew (macOS and Linux)
brew install int128/kubelogin/kubelogin
# Krew (macOS, Linux, Windows and ARM)
kubectl krew install oidc-login
Then configure kubectl with:
curl --create-dirs -s https://ca.nlx.reviews/k8s-ca.crt -o ${HOME}/.kube/certs/dv-core-review/k8s-ca.crt
kubectl config set-cluster dv-core-review \
--certificate-authority=${HOME}/.kube/certs/dv-core-review/k8s-ca.crt \
--server=https://141.105.122.92
kubectl config set-credentials bart-dv-core-review \
--exec-api-version=client.authentication.k8s.io/v1beta1 \
--exec-command=kubectl \
--exec-arg=oidc-login \
--exec-arg=get-token \
--exec-arg=--listen-address=localhost:18000 \
--exec-arg=--oidc-issuer-url=https://dex.nlx.reviews \
--exec-arg=--oidc-client-id=kubernetes \
--exec-arg=--oidc-client-secret={secret} \
--exec-arg=--oidc-extra-scope=openid \
--exec-arg=--oidc-extra-scope=email \
--exec-arg=--oidc-extra-scope=groups
kubectl config set-context bart-dv-core-review \
--cluster=dv-core-review \
--user=bart-dv-core-review
kubectl config use-context bart-dv-core-review
Edited by Bart Jeukendrup