Minikube 1.7.0 with OpenID and RBAC

Minikube 1.7.0 with OpenID and RBAC

In the article Kubernetes 1.6.1 Authentication via Google I explained how to create Google Application and generate kubernetes token. I found that people have problem and to help them to test OpenID token authorization I want to present Minikube solution. I assume this solution should remove problems with different host environments and networking issues.

I replaced Step 2 part in the article with minikube command, before you start please finish first Step 1 and Step 3.

Here is replacement of Step 2 and short version of Step 4:

$ minikube start \
      --extra-config=apiserver.Authorization.Mode=RBAC \
      --extra-config=apiserver.Authentication.OIDC.IssuerURL=https://accounts.google.com \
      --extra-config=apiserver.Authentication.OIDC.UsernameClaim=email \
      --extra-config=apiserver.Authentication.OIDC.ClientID="123123123.apps.googleusercontent.com"

$ kubectl get no
NAME       STATUS    AGE       VERSION
minikube   Ready     8m        v1.7.0

$ kubectl create clusterrolebinding cluster-admin-minikube --clusterrole=cluster-admin --user="user@exmaple.com"

$ kubectl get no --user="user@exmaple.com"

I found this approach easy to implement and good for testing applications on local environment with more close to production configurations and permissions.

Michael Nikitochkin is a Lead Software Engineer. Follow him on LinkedIn or GitHub.

If you enjoyed this story, we recommend reading our latest tech stories and trending tech stories.