salrashid123
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| clusters: | |
| - name: my-authz-service | |
| cluster: | |
| certificate-authority: /var/lib/localkube/certs/webhook_ca.crt | |
| server: https://webhook.domain.local:8081/authorize | |
| users: | |
| - name: my-api-server | |
| user: | |
| client-certificate: /var/lib/localkube/certs/webhook_plugin.crt | |
| client-key: /var/lib/localkube/certs/webhook_plugin.key |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $ minikube start \ | |
| --extra-config apiserver.Authentication.WebHook.ConfigFile=/var/lib/localkube/authn.yaml \ | |
| --extra-config apiserver.Authorization.Mode=Webhook \ | |
| --extra-config apiserver.Authorization.WebhookConfigFile=/var/lib/localkube/authz.yaml |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| curl -vk \ | |
| -H "Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6InVzZXIxQGRvbWFpbi5jb20ifQ.W0Ek34LU4WQOxXdTqZ9Z-0kESz0wIEdYehxZHlTjt2I" \ | |
| https://192.168.39.196:8443/api/ |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| apiVersion: v1 | |
| clusters: | |
| - cluster: | |
| certificate-authority: /home/srashid/.minikube/ca.crt | |
| server: https://192.168.39.196:8443 | |
| name: minikube | |
| contexts: | |
| - context: | |
| cluster: minikube | |
| user: minikube |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "apiVersion": "authentication.k8s.io/v1beta1", | |
| "kind": "TokenReview", | |
| "metadata": { | |
| "creationTimestamp": null | |
| }, | |
| "spec": { | |
| "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6InVzZXIxQGRvbWFpbi5jb20ifQ.W0Ek34LU4WQOxXdTqZ9Z-0kESz0wIEdYehxZHlTjt2I" | |
| }, | |
| "status": { |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "apiVersion": "authentication.k8s.io/v1beta1", | |
| "kind": "TokenReview", | |
| "status": { | |
| "authenticated": true, | |
| "user": { | |
| "extra": { | |
| "extrafield1": [ | |
| "extravalue1", | |
| "extravalue2" |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "apiVersion": "authorization.k8s.io/v1beta1", | |
| "kind": "SubjectAccessReview", | |
| "metadata": { | |
| "creationTimestamp": null | |
| }, | |
| "spec": { | |
| "extra": { | |
| "extrafield1": [ | |
| "extravalue1", |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "apiVersion": "authorization.k8s.io/v1beta1", | |
| "kind": "SubjectAccessReview", | |
| "status": { | |
| "allowed": true | |
| } | |
| } |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| CN = webhook.domain.local | |
| X509v3 extensions: | |
| Netscape Comment: | |
| OpenSSL Generated Certificate | |
| X509v3 Subject Alternative Name: | |
| DNS:webhook.domain.local, DNS:webhook-srv, DNS:webhook-srv.kube-system, DNS:webhook-srv.kube-system.svc, DNS:webhook-srv.kube-system.svc.cluster.local | |
| X509v3 Key Usage: | |
| Digital Signature, Non Repudiation, Key Encipherment |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import jwt | |
| encoded = jwt.encode({'username': '[email protected]'}, 'secret', algorithm='HS256') | |
| print encoded | |
| decoded = jwt.decode(encoded, 'secret', algorithms=['HS256']) | |
| print decoded |