Testing OpenID authentication with kubernetes
The Kubernetes Authentication docs try to explain the different "authn
" plugins. One of these is "OpenID Connect", which requires that you start up an "Identity Provider".
So when you tell kubectl
to use --auth-provider=oidc
, that's what you're using. The idp-issuer-url
will point at your Identity Provider's HTTPS URL. They give different examples of implementations of this. CoreOS has one called Dex.
Their repo has some examples under: ./examples
An example of using LDAP connector plugin for dex is here
For more information about how Authentication is done in Kubernetes (e.g.: "What is authn?" "What is authz", etc...), there is a great presentation by Eric Chiang here.
So to answer your question:
Q: how i can get values for:
- Issuer URL
- Refresh token
- Id-token
- Extra-scope