I need to use a client-certificate and client-key. But when I try to add it to the config, I'm getting:
Error from server (Forbidden): pods is forbidden: User "system:anonymous" cannot list resource "pods" in API group "" in the namespace "xxx"
To reproduce
Your environment
OS: Ubuntu 20.05.5 LTS
kubelogin version: v1.28.0
kubectl version: v1.28.2
OpenID Connect provider: Keycloak (appears to be)
It seems that adding client-certificate or client-certificate-data skips the login with the plugin.
This works:
I understand that the "oidc-login" plugin does not provide a way to add these certificates; however, client.authentication.k8s.io/v1beta1 has these within the state property. Is there a way to specify the certificate files or their contents within the kubelogin-plugin config?