i'd enable kubernetes webhook token authentication.
i'm expecting working way described in official documentation webhook-token-authentication
however since i'm complete newbie kubernetes i'm struggling understand steps should take in order achive aim.
precondition: i'm using minikube test locally.
documentation says have use --authentication-token-webhook-config-file don't understand basic things such as:
- where place file authorization config ?
- how supply above parameter minikube? (if run
minikube start --helpdoesn't seem support flag.) - how enable
authentication.k8s.io/v1beta1minikube apiserver (required step)
there few steps taken tackle
1. create valid yaml or json config files pointing auth/authz services.
2. make sure services running via https protocol (neither minikube nor kubernetes work through http)
dummy simple way use ngrok gives
httpsuri route service running on machine.the command
ngrok protocol port->ngrok http 4567
3. start minikube using command
minikube start --extra-config apiserver.authentication.webhook.configfile=/users/username/auth.yml --extra-config apiserver.authorization.mode=webhook --extra-config apiserver.authorization.webhookconfigfile=/users/username/authz.yml
note: default minikube mounts users directory therefore can access config files on /users/username/path-to-file.yml
4. @ last add test-user kube config file no certificates , try out.
run kubectl --context minikube-auth-test pods
if setup correctly you'll post requests auth/authz services
Comments
Post a Comment