astefanutti / kubebox

⎈❏ Terminal and Web console for Kubernetes
http://astefanutti.github.io/kubebox
MIT License

How to enable auth on kubebox running under kubernetes ? #99

Closed lduparc closed 3 years ago

lduparc commented 3 years ago

Do you have a sample using Basic Auth or OpenID?

Where do I put the configuration?

Thanks

astefanutti commented 3 years ago

Do you mean when using the Web server version of Kubebox?

The API server must be configured with the authentication method you want to use, which is documented in https://kubernetes.io/docs/reference/access-authn-authz/authentication/.

Then Kubebox should be able to adapt. For example, if OAuth is configured, Kubebox gets the OAuth authorization server metadata resource to retrieve the OAuth configuration. While it should work for a large range of setups when using the Kubebox binary, there may be some gaps to fill with the Web server version, as it has to reverse proxy the communication to the API server.

lduparc commented 3 years ago

Hi,

I mean when I run Kubebox in Kubernetes, I would like to add a login step to secure it using OpenID.

astefanutti commented 3 years ago

Sorry, to be sure what mode you're using, could you specify how you run Kubebox from https://github.com/astefanutti/kubebox#run: either Executable, Server, or Kubectl?

lduparc commented 3 years ago

I'm using kubectl to install kubebox on Kubernetes.

kubectl apply -f https://raw.github.com/astefanutti/kubebox/master/kubernetes.yaml

astefanutti commented 3 years ago

OK thanks. By default the Kubebox ServiceAccount token is used to authenticate to the API server.

To enable another authentication scheme, you should add the following environment variable to the Deployment:

env:
- name: KUBEBOX_USE_SA_TOKEN
  value: 'false'

Also, the API server must be configured with the authentication mechanism of your choice: https://kubernetes.io/docs/reference/access-authn-authz/authentication/.

Let me know if that works.
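Added example, not part of the thread or of the Kubebox project: a check over the JSON from `kubectl get deployment <name> -o json` that reports, per container, whether `KUBEBOX_USE_SA_TOKEN` leaves the default ServiceAccount token authentication in effect. The deployment and container names in the sample are constructed, and treating only the exact string 'false' as disabling is an assumption based on the value shown above.

```python
ENV_NAME = "KUBEBOX_USE_SA_TOKEN"  # variable named in the thread


def sa_token_findings(manifest):
    """Return (deployment, container, status) for each container.

    status: "sa-token" (ServiceAccount token used, the stated default),
    "disabled" (variable set to 'false'), or "unknown" (value comes from
    a ConfigMap/Secret reference that this manifest does not contain).
    """
    # `kubectl get deployments -o json` returns a List; one object has no "items".
    items = manifest.get("items", [manifest])
    findings = []
    for item in items:
        if item.get("kind") != "Deployment":
            continue
        pod_spec = item["spec"]["template"]["spec"]
        for container in pod_spec.get("containers", []):
            status = "sa-token"
            # Kubernetes uses the last entry when a name is repeated,
            # so later entries overwrite earlier ones here as well.
            for env in container.get("env") or []:
                if env.get("name") != ENV_NAME:
                    continue
                if "valueFrom" in env:
                    status = "unknown"
                # Assumption: only the exact string 'false' disables it.
                elif env.get("value") == "false":
                    status = "disabled"
                else:
                    status = "sa-token"
            findings.append((item["metadata"]["name"], container["name"], status))
    return findings


def _deploy(name, env):
    # Helper for the constructed sample: a minimal Deployment object.
    return {"kind": "Deployment", "metadata": {"name": name},
            "spec": {"template": {"spec": {
                "containers": [{"name": "kubebox", "env": env}]}}}}


# Constructed sample input (hypothetical names), shaped like kubectl JSON output.
SAMPLE = {"kind": "List", "items": [
    _deploy("kubebox-default", None),
    _deploy("kubebox-oidc", [{"name": ENV_NAME, "value": "false"}]),
    _deploy("kubebox-ref", [{"name": ENV_NAME, "valueFrom": {
        "configMapKeyRef": {"name": "cfg", "key": "use-sa"}}}]),
]}

if __name__ == "__main__":
    for deployment, container, status in sa_token_findings(SAMPLE):
        print(f"{deployment}/{container}: {status}")
```

Run it against the Kubebox Deployment only; a container reported as `sa-token` authenticates to the API server with the ServiceAccount token rather than the scheme configured on the API server.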

lduparc commented 3 years ago

Thanks - this is exactly what I was looking for.

astefanutti commented 3 years ago

Thanks for the feedback. If you've something that works and you think it's worth documenting, I'd be glad to accept a PR.