Add oidc-user-prefix and oidc-group-prefix args

This commit is contained in:
Suzuka Asagiri 2018-04-23 12:17:00 +09:00
parent d1b4ea5807
commit f81e6d2ccf
No known key found for this signature in database
GPG key ID: 052D68F9ACE41C03
3 changed files with 10 additions and 0 deletions

View file

@ -58,7 +58,9 @@ kube_users:
## Optional settings for OIDC ## Optional settings for OIDC
# kube_oidc_ca_file: {{ kube_cert_dir }}/ca.pem # kube_oidc_ca_file: {{ kube_cert_dir }}/ca.pem
# kube_oidc_username_claim: sub # kube_oidc_username_claim: sub
# kube_oidc_username_prefix: oidc:
# kube_oidc_groups_claim: groups # kube_oidc_groups_claim: groups
# kube_oidc_groups_prefix: oidc:
# Choose network plugin (cilium, calico, contiv, weave or flannel) # Choose network plugin (cilium, calico, contiv, weave or flannel)

View file

@ -73,7 +73,9 @@ kube_oidc_auth: false
## Optional settings for OIDC ## Optional settings for OIDC
# kube_oidc_ca_file: {{ kube_cert_dir }}/ca.pem # kube_oidc_ca_file: {{ kube_cert_dir }}/ca.pem
# kube_oidc_username_claim: sub # kube_oidc_username_claim: sub
# kube_oidc_username_prefix: oidc:
# kube_oidc_groups_claim: groups # kube_oidc_groups_claim: groups
# kube_oidc_groups_prefix: oidc:
## Variables for custom flags ## Variables for custom flags
apiserver_custom_flags: [] apiserver_custom_flags: []

View file

@ -73,9 +73,15 @@ spec:
{% if kube_oidc_username_claim is defined %} {% if kube_oidc_username_claim is defined %}
- --oidc-username-claim={{ kube_oidc_username_claim }} - --oidc-username-claim={{ kube_oidc_username_claim }}
{% endif %} {% endif %}
{% if kube_oidc_username_prefix is defined %}
- "--oidc-username-prefix={{ kube_oidc_username_prefix }}"
{% endif %}
{% if kube_oidc_groups_claim is defined %} {% if kube_oidc_groups_claim is defined %}
- --oidc-groups-claim={{ kube_oidc_groups_claim }} - --oidc-groups-claim={{ kube_oidc_groups_claim }}
{% endif %} {% endif %}
{% if kube_oidc_groups_prefix is defined %}
- "--oidc-groups-prefix={{ kube_oidc_groups_prefix }}"
{% endif %}
{% endif %} {% endif %}
- --secure-port={{ kube_apiserver_port }} - --secure-port={{ kube_apiserver_port }}
- --insecure-port={{ kube_apiserver_insecure_port }} - --insecure-port={{ kube_apiserver_insecure_port }}