Update Dex OIDC docs with CAPA EKS cluster changes #2190

Merged
merged 6 commits into from
Apr 25, 2024
@@ -1,22 +1,22 @@
---
linkTitle: OIDC auth for workload clusters
title: Configure OIDC using Dex to access your clusters
description: A general explanation on how to install and configure Dex to work as an authenticator mechanism to provide OpenID tokens.
weight: 100
menu:
main:
parent: advanced-access-management
user_questions:
- How can I configure OIDC in my cluster?
- How can I add a new OIDC connector?
last_review_date: 2023-09-13
last_review_date: 2024-04-25
aliases:
- /advanced/access-management/configure-dex-in-your-cluster
- /guides/configure-dex-in-your-cluster/
- /advanced/configure-dex-in-your-cluster/
owner:
- https://github.com/orgs/giantswarm/teams/team-bigmac
---
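
Review bot: The front-matter check still reports "The page should have a last_review_date" against line 19 of this file, which is the closing `---`, even though the hunk sets `last_review_date: 2024-04-25`. Before relying on the bump, confirm that the linter actually reads the key in this `src/content/vintage/...` copy (key name, position and date format), otherwise the warning will keep firing on every later change to the page.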

Check warning on line 19 in src/content/vintage/advanced/access-management/configure-dex-in-your-cluster/index.md

GitHub Actions / Front matter problems

Found 1 less severe problems

WARN - The page should have a last_review_date

## Introduction

@@ -91,7 +91,7 @@
```

{{< /tab >}}
{{< tab title="Cluster API">}}
{{< tab title="Cluster API (any)">}}

```yaml
# Config map with values for the Workload Cluster app
@@ -100,11 +100,33 @@
data:
values: |
...
oidc:
issuerUrl: https://dex.CLUSTER_NAME.BASE_DOMAIN
clientId: dex-k8s-authenticator
usernameClaim: email
groupsClaim: groups
global:
controlPlane:
oidc:
issuerUrl: https://dex.CLUSTER_NAME.BASE_DOMAIN
clientId: dex-k8s-authenticator
usernameClaim: email
groupsClaim: groups
```

{{< /tab >}}
{{< tab title="Cluster API (AWS EKS)">}}

```yaml
# Config map with values for the Workload Cluster app
apiVersion: v1
kind: ConfigMap
data:
values: |
...
global:
controlPlane:
oidcIdentityProviderConfig:
issuerUrl: https://dex.CLUSTER_NAME.BASE_DOMAIN
clientId: dex-k8s-authenticator
usernameClaim: email
groupsClaim: groups
identityProviderConfigName: dex-k8s-authenticator
```

{{< /tab >}}
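
Review bot: The two Cluster API tabs use different keys (`global.controlPlane.oidc` in the "(any)" tab, `global.controlPlane.oidcIdentityProviderConfig` plus `identityProviderConfigName` in the EKS tab) with no sentence explaining why, and the title "Cluster API (any)" reads as if it also applies to EKS. A reader who copies the "(any)" block into an EKS cluster, or keeps the old top-level `oidc:` block that this hunk replaces, gets values that sit under a path the other snippet does not use, so it is worth stating which path applies to which provider and from which app release. Suggest renaming the first tab to exclude EKS explicitly, adding one line on what `identityProviderConfigName` is for, and noting that the old top-level `oidc:` location is no longer the documented one. The EKS example also shows `apiVersion` and `kind` while the other tab's visible lines start at `data:`; keeping both snippets at the same level of detail would make them easier to compare.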
@@ -384,6 +406,14 @@
issuerAddress: https://dex.test.example.io
```

__warning__: For workload cluster using [Cluster API `EKS`](https://github.com/giantswarm/cluster-eks) provider, you'll need to configure Athena to use an AWS-managed EKS API server endpoint. This API server endpoint is uniquely allocated to your EKS cluster and can be easily accessed through the AWS EKS console by navigating to the `Overview` tab and under the `Details` section from the EKS cluster information page. For example:

```yaml
kubernetes
api:
address: https://6EAE2F2E28XUD92EXZF54DFEF7C37081D.gr7.eu-central-1.eks.amazonaws.com
```

Access to Athena can be restricted to certain CIDRs.

```yaml
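
Review bot: The added Athena example is not valid YAML as written: the `kubernetes` line has no trailing colon, so `api:` and `address:` cannot be parsed as its children. It should read `kubernetes:` with `api:` and `address:` nested beneath it. In the same paragraph, `__warning__:` is lowercase and "For workload cluster using" is missing its plural ("For workload clusters using"), and the sentence describing where to find the endpoint in the EKS console would read better split in two. The sample address has the shape of a real EKS endpoint; a clearly fictional placeholder such as `https://CLUSTER_ID.gr7.REGION.eks.amazonaws.com` would match the `CLUSTER_NAME.BASE_DOMAIN` style used in the other snippets and avoid pointing readers at an actual hostname.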