Kerwood / linuxblog-xyz

Blog posts for https://linuxblog.xyz

[Vssue]Pomerium, Kubernetes Single Sign-on with OpenID Connect | LinuxBlog.xyz #7

Open Kerwood opened 3 years ago

Kerwood commented 3 years ago

https://linuxblog.xyz/posts/pomerium-kubernetes-single-sign-on/

velann21 commented 2 years ago

Hey Kerwood, thanks for this nice blog post about Pomerium. Unfortunately I am getting an error while issuing commands like kubectl get po.

The error is: error: the server doesn't have a resource type "pods"

Kerwood commented 2 years ago

Hmm that is a bit strange. Could you give an example of what you have done?

velann21 commented 2 years ago

@Kerwood

> Hmm that is a bit strange. Could you give an example of what you have done?

So actually, I am trying to set GitHub as the IdP; apart from that, I have followed the exact steps you mentioned in the blog.

https://github.com/velann21/pomerium-test/tree/master – these are the YAML files.

Kerwood commented 2 years ago

You deleted the repo :)

Should you not use the full GitHub email in the role binding? Why do you create the cluster-admin role? It already exists.

You are missing the policy property, why is that ?

- from: https://your-domain.com
  to: https://kubernetes.default.svc
  tls_skip_verify: true
  allow_spdy: true
  allow_public_unauthenticated_access: true
  allowed_idp_claims:
    email:
    - your-mail@gmail.com
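The two points above (the binding subject must be the identity Pomerium forwards, and cluster-admin already exists) can be checked before touching the cluster. The following is an added example, not code from the blog post or from either commenter: it assumes Pomerium forwards the authenticated user's email (the email claim listed in the policy) as the impersonated Kubernetes User, extracts the User subject from a ClusterRoleBinding manifest, and compares it against the email the policy allows. The manifest, the binding name pomerium-cluster-admin and the address your-mail@gmail.com are constructed for the example.

```shell
#!/usr/bin/env sh
# Added example (not from the blog or the thread). Assumption: Pomerium's
# Kubernetes integration impersonates the user by the email claim, so the
# ClusterRoleBinding subject must be that email, not a GitHub handle.

# Constructed ClusterRoleBinding manifest, embedded so the script runs offline.
# Note that it binds to the built-in cluster-admin ClusterRole rather than
# creating a new role of the same name.
BINDING_YAML='apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: pomerium-cluster-admin
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
  - apiGroup: rbac.authorization.k8s.io
    kind: User
    name: your-mail@gmail.com'

# binding_user <yaml>: print the name of the first "kind: User" subject.
binding_user() {
  printf '%s\n' "$1" | awk '
    $1 == "kind:" && $2 == "User" { in_user = 1; next }
    in_user && $1 == "name:"       { print $2; exit }'
}

# matches_policy_email <email> <yaml>: succeed (0) only when the binding
# subject is exactly the email allowed in the Pomerium policy.
matches_policy_email() {
  [ "$(binding_user "$2")" = "$1" ]
}

# rbac_check <email>: ask the API server whether the identity Pomerium will
# impersonate may list pods. Requires kubectl and cluster access, so it is
# not called by default.
rbac_check() {
  kubectl auth can-i get pods --as="$1"
}

# Usage: compare the policy's allowed email with the manifest's subject.
if matches_policy_email "your-mail@gmail.com" "$BINDING_YAML"; then
  echo "binding subject matches the policy email"
else
  echo "binding subject '$(binding_user "$BINDING_YAML")' does not match the policy email" >&2
fi
```

If the comparison fails because the subject is a GitHub username, kubectl requests proxied through Pomerium arrive as an unknown User with no bindings, and the API server answers with an error like the one reported in this thread; rbac_check with the email address reproduces the decision without going through Pomerium at all.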
velann21 commented 2 years ago

@Kerwood

> You deleted the repo :)
>
> Should you not use the full GitHub email in the role binding? Why do you create the cluster-admin role? It already exists.
>
> You are missing the policy property, why is that?
>
> - from: https://your-domain.com
>   to: https://kubernetes.default.svc
>   tls_skip_verify: true
>   allow_spdy: true
>   allow_public_unauthenticated_access: true
>   allowed_idp_claims:
>     email:
>     - your-mail@gmail.com

I have tried with the policy property as well; it did not work.

In admin-role-binding:

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: cluster-admin-crb
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
  - apiGroup: rbac.authorization.k8s.io
    kind: User
    name: velann21  # should this be a GitHub user name??