Access Kubernetes cluster that has OIDC configured via an application inside the cluster
I want my in-cluster deployment of an app to access the Kubernetes cluster that has OIDC configured. How do I do that? I know one way is via service accounts, but do we have something where we can use the OIDC flow and the token received to make requests to the cluster from within the app?
Here is the app deployment config https://gist.github.com/ashu8912/97cf92ce9b4df2f9c71671cbe45b4625
Solution 1:[1]
Let me start first with the short summary of your intention, so that we have a common baseline.
You want to talk to a remote cluster (2) with OIDC authentication configured, and this communication ought to be initiated by a client (the headlamp app) running inside your mother cluster (1).
If this is the case, the way to achieve it is to use an out-of-cluster client configuration in your headlamp app.
I assume your app is similar to Kubernetes Dashboard, and is written in Go as well, so here is the corresponding example of such an out-of-cluster configuration.
In short, this is where you should point to the existing kubeconfig file, which I assumed you previously configured with kubectl according to the official documentation for the oidc-auth provider plugin. Because this kubeconfig file usually stays on your client's computer, you should copy it to the headlamp container.
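For reference, this is roughly what a kubeconfig using the `oidc` auth provider looks like. It is an added example, not part of the original answer or of the headlamp project; every name, URL, path and credential in it is a constructed placeholder.

```yaml
# Constructed sample kubeconfig for the remote, OIDC-enabled cluster (2).
# All names, URLs, paths and credential values are placeholders.
apiVersion: v1
kind: Config
clusters:
- name: remote-cluster
  cluster:
    server: https://remote-cluster.example.com:6443
    # CA that signed the remote API server certificate (placeholder path).
    certificate-authority: /etc/headlamp/remote-ca.crt
users:
- name: oidc-user
  user:
    auth-provider:
      name: oidc
      config:
        # Must match the issuer URL the remote API server is configured with.
        idp-issuer-url: https://issuer.example.com
        client-id: PLACEHOLDER_CLIENT_ID
        # Credential of the OIDC client; used when refreshing tokens.
        client-secret: PLACEHOLDER_CLIENT_SECRET
        # Short-lived token sent to the API server as the bearer token.
        id-token: PLACEHOLDER_ID_TOKEN
        # Longer-lived credential used to obtain a new id-token on expiry.
        refresh-token: PLACEHOLDER_REFRESH_TOKEN
        # CA for the identity provider's TLS certificate (placeholder path).
        idp-certificate-authority: /etc/headlamp/idp-ca.crt
contexts:
- name: remote
  context:
    cluster: remote-cluster
    user: oidc-user
current-context: remote
```

Because the file carries the client secret and refresh token, whoever can read it inside the container can act as that user against the remote cluster, so it should be delivered and stored as a secret rather than baked into the image.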
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|---|
| Solution 1 | Nepomucen |
