mirror of
https://github.com/kubernetes-sigs/kubespray.git
synced 2026-04-21 18:00:29 -02:30
Implement structured authentication configuration for API server (#13035)
This commit is contained in:
@@ -53,6 +53,21 @@ credentials_dir: "{{ inventory_dir }}/credentials"
|
||||
# kube_oidc_groups_claim: groups
|
||||
# kube_oidc_groups_prefix: 'oidc:'
|
||||
|
||||
## Structured AuthenticationConfiguration https://kubernetes.io/docs/reference/access-authn-authz/authentication/#using-authentication-configuration
|
||||
## Note: --authentication-config and --oidc-* flags are mutually exclusive
|
||||
# kube_apiserver_use_authentication_config_file: false
|
||||
# kube_apiserver_authentication_config_jwt:
|
||||
# - issuer:
|
||||
# url: https://issuer.example.com
|
||||
# audiences:
|
||||
# - my-audience
|
||||
# claimMappings:
|
||||
# username:
|
||||
# expression: 'claims.sub'
|
||||
# kube_apiserver_authentication_config_anonymous:
|
||||
# enabled: "{{ kube_api_anonymous_auth }}"
|
||||
# conditions: []
|
||||
|
||||
## Variables to control webhook authn/authz
|
||||
# kube_webhook_token_auth: false
|
||||
# kube_webhook_token_auth_url: https://...
|
||||
|
||||
Reference in New Issue
Block a user