Kubernetes Dashboard mit Keycloak OIDC: Unterschied zwischen den Versionen

Zeile 136: Zeile 136:
   cookie-refresh: 4m # Zeit nach der ein neuer Access Token über den Refresh Token bezogen wird
   cookie-refresh: 4m # Zeit nach der ein neuer Access Token über den Refresh Token bezogen wird
   oidc-issuer-url: "https://<my.keycloak.server>/realms/<Realm-Name>"
   oidc-issuer-url: "https://<my.keycloak.server>/realms/<Realm-Name>"
   redirect-url: "https://<my.k8s.dashboard>/oauth2/callback"
   redirect-url: "https://<my.dashboard.url>/oauth2/callback"
   #whitelist-domain: ["*"]
   #whitelist-domain: ["*"]
   #allowed-group: ["*"]
   #allowed-group: ["*"]
Zeile 149: Zeile 149:
helm upgrade --install oauth2-proxy oauth2-proxy \
helm upgrade --install oauth2-proxy oauth2-proxy \
   --repo https://oauth2-proxy.github.io/manifests \
   --repo https://oauth2-proxy.github.io/manifests \
   --namespace kubernetes-dashboard \
   --namespace oauth2-proxy --create-namespace \
   -f values.yaml
   -f values.yaml
</syntaxhighlight>''
</syntaxhighlight>''
Zeile 173: Zeile 173:
<syntaxhighlight lang="bash">
<syntaxhighlight lang="bash">
kubectl apply -f oidc-role.yaml
kubectl apply -f oidc-role.yaml
</syntaxhighlight>
=== Ingress erstellen ===
<syntaxhighlight lang="yaml" line="1">
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
    nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
    nginx.ingress.kubernetes.io/auth-url: "https://$host/oauth2/auth"
    nginx.ingress.kubernetes.io/auth-signin: "https://$host/oauth2/start?rd=$escaped_request_uri"
    nginx.ingress.kubernetes.io/auth-response-headers: "authorization"
  name: dashboard
  namespace: kubernetes-dashboard
spec:
  ingressClassName: nginx
  tls:
  - hosts:
    - my.dashboard.url
  rules:
  - host: my.dashboard.url
    http:
      paths:
      - backend:
          service:
            name: kubernetes-dashboard
            port:
              number: 443
        path: /
        pathType: Prefix
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: dashboard-oidc
  namespace: oauth2-proxy
spec:
  ingressClassName: nginx
  tls:
  - hosts:
    - my.dashboard.url
  rules:
  - host: my.dashboard.url
    http:
      paths:
      - backend:
          service:
            name: oauth2-proxy
            port:
              number: 80
        path: /oauth2
        pathType: Prefix
</syntaxhighlight>
</syntaxhighlight>
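Review bot: Both new Ingress objects declare `tls:` with only a `hosts:` list and no `secretName` (the `dashboard` Ingress and the `dashboard-oidc` Ingress), so ingress-nginx has no certificate to serve for my.dashboard.url and falls back to its default certificate unless one was configured cluster-wide; the OIDC redirect and the oauth2-proxy session cookie both depend on a trusted HTTPS endpoint, so this should be explicit. Add `secretName: <dashboard-tls-secret>` (placeholder name) under `- hosts:` in both objects, or document on the page that a cert-manager annotation or a default SSL certificate is expected to provide it. Separately, `nginx.ingress.kubernetes.io/auth-response-headers: "authorization"` only forwards a token to the dashboard if oauth2-proxy is configured to emit the Authorization header (`set-authorization-header`); the values.yaml hunk at Zeile 136 is cut off here, so a one-line wiki note stating that requirement next to the Ingress example would keep the two sections consistent.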