This is a manual test for verifying Kubernetes OIDC authentication with your OIDC provider.
This test checks the following points:
- You can set up your OIDC provider using the setup guide.
- The plugin works with your OIDC provider.
You need to build the plugin into the parent directory.
make -C ..
You need to set up your provider. See the setup guide for more.
You need to install the following tools:
- Docker
- Kind
- kubectl
You can check if the tools are available.
make check
Create a cluster. For example, you can create a cluster with Google account authentication.
make OIDC_ISSUER_URL=https://accounts.google.com \
OIDC_CLIENT_ID=REDACTED.apps.googleusercontent.com \
OIDC_CLIENT_SECRET=REDACTED \
[email protected]
It will do the following steps:
- Create a cluster.
- Set up access control. It allows read-only access from your email address.
- Set up kubectl to enable the plugin.
You can change the kubectl configuration in the generated output/kubeconfig.yaml.
Make sure you can log in to the provider and access the cluster.
% export KUBECONFIG=$PWD/output/kubeconfig.yaml
% kubectl get pods -A
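Beyond listing pods, it is worth confirming that the OIDC identity really is read-only. The following is an added example, not part of the project's own test: it uses `kubectl auth can-i` and assumes that "read-only" means get/list/watch on pods succeed while create/delete and role-binding creation are refused. The function names and the `KUBECTL` override are hypothetical.

```shell
#!/bin/sh
# Added example: check that the logged-in OIDC user has read-only access.
# Run with KUBECONFIG pointing at output/kubeconfig.yaml.
# KUBECTL can be overridden (assumption: only useful for testing with a stub).
KUBECTL="${KUBECTL:-kubectl}"
failures=0

# can_i VERB RESOURCE: exit 0 if the API server authorizes the action.
# `kubectl auth can-i --quiet` prints nothing and reports via exit status.
can_i() {
  "$KUBECTL" auth can-i "$1" "$2" --all-namespaces --quiet
}

# expect allowed|denied VERB RESOURCE: compare the answer with the expectation.
expect() {
  want=$1 verb=$2 resource=$3
  if can_i "$verb" "$resource"; then got=allowed; else got=denied; fi
  if [ "$got" = "$want" ]; then
    echo "ok    $verb $resource: $got"
  else
    echo "FAIL  $verb $resource: got $got, want $want"
    failures=$((failures + 1))
  fi
}

# verify_readonly: returns 0 only if reads are allowed AND writes are denied.
# A failed login also yields a non-zero status from kubectl, so the read
# checks are what distinguish "denied by RBAC" from "not authenticated".
verify_readonly() {
  failures=0
  for v in get list watch; do
    expect allowed "$v" pods
  done
  expect denied create pods
  expect denied delete pods
  # The user must not be able to grant itself more privileges.
  expect denied create clusterrolebindings
  [ "$failures" -eq 0 ]
}

# Run the checks only when asked, so the file can also be sourced.
if [ "${1:-}" = "--run" ]; then
  verify_readonly
fi
```

Run it as `sh verify.sh --run` (the file name is arbitrary); the first call triggers the plugin's login flow if no token is cached.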
To delete the cluster and generated files:
make delete-cluster
make clean