From a58eae97670171404957622e2fdb8481163fd234 Mon Sep 17 00:00:00 2001 From: Puru <5674762+tuladhar@users.noreply.github.com> Date: Thu, 25 Apr 2024 13:37:17 +0545 Subject: [PATCH 1/5] Add information when setting up on CAPI EKS WC --- .../configure-dex-in-your-cluster/index.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/src/content/vintage/advanced/access-management/configure-dex-in-your-cluster/index.md b/src/content/vintage/advanced/access-management/configure-dex-in-your-cluster/index.md index 3332d15887..6fefa3e5a4 100644 --- a/src/content/vintage/advanced/access-management/configure-dex-in-your-cluster/index.md +++ b/src/content/vintage/advanced/access-management/configure-dex-in-your-cluster/index.md @@ -384,6 +384,13 @@ oidc: issuerAddress: https://dex.test.example.io ``` +**IMPORTANT:** For workload cluster using CAPI `eks` provider (CAPA - AWS EKS), you'll need to configure Athena to use AWS-assigned EKS API server endpoint. This API server endpoint is uniquely allocated to your EKS cluster and can be easily accessed through the AWS EKS console by navigating to "Overview" tab and under Details section from the EKS cluster information page. For example: +```yaml +kubernetes + api: + address: https://6EAE2F2E28XUD92EXZF54DFEF7C37081D.gr7.eu-central-1.eks.amazonaws.com +``` + Access to Athena can be restricted to certain CIDRs. ```yaml From c11ad70457aafd7156c3986515664d739b8c4e67 Mon Sep 17 00:00:00 2001 From: Puru <5674762+tuladhar@users.noreply.github.com> Date: Thu, 25 Apr 2024 15:33:43 +0545 Subject: [PATCH 2/5] Update index.md --- .../configure-dex-in-your-cluster/index.md | 34 +++++++++++++++---- 1 file changed, 28 insertions(+), 6 deletions(-) diff --git a/src/content/vintage/advanced/access-management/configure-dex-in-your-cluster/index.md b/src/content/vintage/advanced/access-management/configure-dex-in-your-cluster/index.md index 6fefa3e5a4..f6de8e1c4e 100644 
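Review bot: The YAML example added under the **IMPORTANT** paragraph is missing a colon: `+kubernetes` should be `kubernetes:`, otherwise the nested `api:` / `address:` keys do not parse as the intended mapping when a reader pastes the snippet into their Athena values. The same snippet is carried unchanged as context into patches 4/5 and 5/5, so the series still ends with the broken example. The sample `address` would also be clearer as an obviously labelled placeholder such as `https://<EKS_API_SERVER_ENDPOINT>`, so nobody mistakes it for a real cluster endpoint.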
--- a/src/content/vintage/advanced/access-management/configure-dex-in-your-cluster/index.md +++ b/src/content/vintage/advanced/access-management/configure-dex-in-your-cluster/index.md @@ -91,7 +91,7 @@ spec: ``` {{< /tab >}} -{{< tab title="Cluster API">}} +{{< tab title="Cluster API (any)">}} ```yaml # Config map with values for the Workload Cluster app @@ -100,11 +100,33 @@ kind: ConfigMap data: values: | ... - oidc: - issuerUrl: https://dex.CLUSTER_NAME.BASE_DOMAIN - clientId: dex-k8s-authenticator - usernameClaim: email - groupsClaim: groups + global: + controlPlane: + oidc: + issuerUrl: https://dex.CLUSTER_NAME.BASE_DOMAIN + clientId: dex-k8s-authenticator + usernameClaim: email + groupsClaim: groups +``` + +{{< /tab >}} +{{< tab title="Cluster API (AWS EKS)">}} + +```yaml +# Config map with values for the Workload Cluster app +apiVersion: v1 +kind: ConfigMap +data: + values: | + ... + global: + controlPlane: + oidcIdentityProviderConfig: + issuerUrl: https://dex.CLUSTER_NAME.BASE_DOMAIN + clientId: dex-k8s-authenticator + usernameClaim: email + groupsClaim: groups + identityProviderConfigName: dex-k8s-authenticator ``` {{< /tab >}} From b8f1f31c5fe184c2c968f626c22836d3cbb6dfa1 Mon Sep 17 00:00:00 2001 From: Puru <5674762+tuladhar@users.noreply.github.com> Date: Thu, 25 Apr 2024 15:37:45 +0545 Subject: [PATCH 3/5] Update index.md --- .../access-management/configure-dex-in-your-cluster/index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/content/vintage/advanced/access-management/configure-dex-in-your-cluster/index.md b/src/content/vintage/advanced/access-management/configure-dex-in-your-cluster/index.md index f6de8e1c4e..3bffe36a98 100644 --- a/src/content/vintage/advanced/access-management/configure-dex-in-your-cluster/index.md +++ b/src/content/vintage/advanced/access-management/configure-dex-in-your-cluster/index.md 
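Review bot: The new `Cluster API (AWS EKS)` tab documents `usernameClaim: email` and `groupsClaim: groups` without saying that these claim values become the Kubernetes user and group names that RBAC bindings match on. EKS's OIDC identity provider configuration also accepts `usernamePrefix` and `groupsPrefix`; if the chart exposes them (not visible in this diff), a sentence recommending a prefix would keep identity-provider group names from colliding with existing cluster groups. Separately, the first hunk's title `Cluster API (any)` reads as including EKS, although the EKS tab appears to need the different `oidcIdentityProviderConfig` key. A label such as `Cluster API (other providers)` would keep EKS users from applying the wrong block.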
@@ -9,7 +9,7 @@ menu: user_questions: - How can I configure OIDC in my cluster? - How can I add a new OIDC connector? -last_review_date: 2023-09-13 +last_review_date: 2024-04-25 aliases: - /advanced/access-management/configure-dex-in-your-cluster - /guides/configure-dex-in-your-cluster/ From 65d672e041b9d53631b6fcbde8a29e266f3c8def Mon Sep 17 00:00:00 2001 From: Puru <5674762+tuladhar@users.noreply.github.com> Date: Thu, 25 Apr 2024 15:44:43 +0545 Subject: [PATCH 4/5] Update index.md --- .../access-management/configure-dex-in-your-cluster/index.md | 1 + 1 file changed, 1 insertion(+) diff --git a/src/content/vintage/advanced/access-management/configure-dex-in-your-cluster/index.md b/src/content/vintage/advanced/access-management/configure-dex-in-your-cluster/index.md index 3bffe36a98..bb6ff0a8a0 100644 --- a/src/content/vintage/advanced/access-management/configure-dex-in-your-cluster/index.md +++ b/src/content/vintage/advanced/access-management/configure-dex-in-your-cluster/index.md @@ -407,6 +407,7 @@ oidc: ``` **IMPORTANT:** For workload cluster using CAPI `eks` provider (CAPA - AWS EKS), you'll need to configure Athena to use AWS-assigned EKS API server endpoint. This API server endpoint is uniquely allocated to your EKS cluster and can be easily accessed through the AWS EKS console by navigating to "Overview" tab and under Details section from the EKS cluster information page. For example: + ```yaml kubernetes api: From a136eb90f9c0f94fa06f1696f7c7bf6fb56f61d7 Mon Sep 17 00:00:00 2001 From: Puru <5674762+tuladhar@users.noreply.github.com> Date: Thu, 25 Apr 2024 17:00:48 +0545 Subject: [PATCH 5/5] Update src/content/vintage/advanced/access-management/configure-dex-in-your-cluster/index.md Co-authored-by: Fernando Ripoll --- .../access-management/configure-dex-in-your-cluster/index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/src/content/vintage/advanced/access-management/configure-dex-in-your-cluster/index.md b/src/content/vintage/advanced/access-management/configure-dex-in-your-cluster/index.md index bb6ff0a8a0..601d1ca77f 100644 --- a/src/content/vintage/advanced/access-management/configure-dex-in-your-cluster/index.md +++ b/src/content/vintage/advanced/access-management/configure-dex-in-your-cluster/index.md @@ -406,7 +406,7 @@ oidc: issuerAddress: https://dex.test.example.io ``` -**IMPORTANT:** For workload cluster using CAPI `eks` provider (CAPA - AWS EKS), you'll need to configure Athena to use AWS-assigned EKS API server endpoint. This API server endpoint is uniquely allocated to your EKS cluster and can be easily accessed through the AWS EKS console by navigating to "Overview" tab and under Details section from the EKS cluster information page. For example: +__warning__: For workload cluster using [Cluster API `EKS`](https://github.com/giantswarm/cluster-eks) provider, you'll need to configure Athena to use an AWS-managed EKS API server endpoint. This API server endpoint is uniquely allocated to your EKS cluster and can be easily accessed through the AWS EKS console by navigating to the `Overview` tab and under the `Details` section from the EKS cluster information page. For example: ```yaml kubernetes