@guillaumedossantos
guillaumedossantos / .kube-config
Created May 27, 2020 16:54
SSO for Kubectl with Azure AD
# Register the cluster endpoint and the CA used to verify the API server
kubectl config set-cluster {{ cluster_name }} \
  --server=https://{{ Master1 IP address }}:{{ k8s apiserver port }} \
  --certificate-authority={{ /path/to/kube-CA.pem }}
# Configure the user's credentials to come from the Azure AD auth provider
kubectl config set-credentials {{ user@domain }} \
  --auth-provider=azure \
  --auth-provider-arg=environment=AzurePublicCloud \
  --auth-provider-arg=client-id={{ azure_clientapp_ID }} \
  --auth-provider-arg=tenant-id={{ azure_tenant_ID }} \
  --auth-provider-arg=apiserver-id={{ azure_webapp_ID }}
guillaumedossantos / Oauth2_Proxy_Ingress.yaml
Created May 27, 2020 15:29
SSO for K8S Dashboard with Azure AD - 6
# ------------------- Oauth2_Proxy Ingress ------------------- #
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: oauth2-proxy
  namespace: kube-system
  annotations:
    ingress.kubernetes.io/force-ssl-redirect: "true"
spec:
  tls:
guillaumedossantos / dashboard_Ingress.yaml
Created May 27, 2020 15:22
SSO for K8S Dashboard with Azure AD - 5
# ------------------- Dashboard Ingress ------------------- #
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: kubernetes-dashboard
  namespace: kube-system
  annotations:
    nginx.ingress.kubernetes.io/auth-url: "https://{{ kubedash_FQDN }}/oauth2/auth"
    nginx.ingress.kubernetes.io/auth-signin: "https://{{ kubedash_FQDN }}/oauth2/start?rd=https://$host$request_uri$is_args$args"
{% if nginx_ingress_image_version is defined and nginx_ingress_image_version is version('0.20.0', '<=') %}
guillaumedossantos / OAuth2_Proxy_Service.yaml
Created May 27, 2020 15:20
SSO for K8S Dashboard with Azure AD - 4
# ------------------- Oauth2_Proxy Service ------------------- #
apiVersion: v1
kind: Service
metadata:
  labels:
    k8s-app: oauth2-proxy
  name: oauth2-proxy
  namespace: kube-system
spec:
  ports:
guillaumedossantos / self-CA-cert-ConfigMap.yaml
Last active May 27, 2020 15:16
SSO for K8S Dashboard with Azure AD - 3
kind: ConfigMap
apiVersion: v1
metadata:
  name: self-ca-cert
  namespace: kube-system
data:
  self-ca.pem: |-
    -----BEGIN CERTIFICATE-----
    MIIDejCCAmKgAwIBAgIQHPNx5mx48Y5FGKZBNk7GWjANBgkqhkiG9w0BAQsFADA9
    XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
guillaumedossantos / self-CA-cert-volumeMount.yml
Last active May 27, 2020 15:16
SSO for K8S Dashboard with Azure AD - 2
volumeMounts:
  - name: self-ca-cert
    mountPath: /etc/ssl/certs/self-ca.pem
    subPath: self-ca.pem
    readOnly: false
volumes:
  - name: self-ca-cert
    configMap:
      name: self-ca-cert
guillaumedossantos / OAuth2_Proxy_Deployment.yaml
Created May 27, 2020 14:48
SSO for K8S Dashboard with Azure AD - 1
# ------------------- OAuth2_Proxy Deployment ------------------- #
{% if kube_version is version('v1.16', '>=') %}
apiVersion: apps/v1
{% else %}
apiVersion: extensions/v1beta1
{% endif %}
kind: Deployment
metadata:
  labels:
    k8s-app: oauth2-proxy