icecheng/freeleaps-ops
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

feat(k8s): update OIDC username prefix to allow full claim value

Browse Source 
Signed-off-by: 孙振宇 <>
This commit is contained in:
孙振宇 2025-01-13 19:34:48 +08:00
parent 6574c07350
commit 841ef17655
1 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
cluster/ansible/manifests/group_vars/k8s_cluster/k8s-cluster.yml
View File

@ -51,9 +51,10 @@ kube_oidc_client_id: 7cd1df19-24ea-46d7-acd3-5336283139e0
## Optional settings for OIDC ## Optional settings for OIDC
# kube_oidc_ca_file: "{{ kube_cert_dir }}/ca.crt" # kube_oidc_ca_file: "{{ kube_cert_dir }}/ca.crt"
kube_oidc_username_claim: upn kube_oidc_username_claim: upn
kube_oidc_username_prefix: 'mathmast:' # Set to - means that the username is the entire value of the claim
kube_oidc_username_prefix: -
kube_oidc_groups_claim: roles kube_oidc_groups_claim: roles
kube_oidc_groups_prefix: 'mathmast:' # kube_oidc_groups_prefix: 'oidc:'
## Variables to control webhook authn/authz ## Variables to control webhook authn/authz
# kube_webhook_token_auth: false # kube_webhook_token_auth: false