mintel / dex-k8s-authenticator

A Kubernetes Dex Client Authenticator
MIT License

Using dex-k8s-authenticator with AWS EKS #132

Closed jeffisabelle closed 4 years ago

jeffisabelle commented 4 years ago

Hey there, is it possible to use this authenticator with EKS? I was trying to set this up, but apparently it is not possible to update Kubernetes API Server parameters in EKS and thus dex does not work directly with OIDC. [1]

There is also a way to enable dex on EKS with a proxy [2], but I couldn't match the puzzle pieces together.

Has anybody done this before?

1 - https://github.com/aws/containers-roadmap/issues/166

2 - https://github.com/jetstack/kube-oidc-proxy

Thanks!

petrokashlikov commented 4 years ago

There is a good blog regarding option #2: https://aws.amazon.com/blogs/opensource/consistent-oidc-authentication-across-multiple-eks-clusters-using-kube-oidc-proxy/

jeffisabelle commented 4 years ago

Thanks!

I saw that yesterday, but that seemed a bit complicated (more pieces in the puzzle). In that case, I'm replacing dex-k8s-authenticator completely with gangway, right?

I'll give that a go today, let's see..

jeffisabelle commented 4 years ago

Ok, I was able to use dex-k8s-authenticator on EKS. This obviously requires kube-oidc-proxy setup, and instead of configuring dex-k8s-authenticator to talk with EKS directly, you configure it to talk with kube-oidc-proxy.

It works quite well!
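The setup described in the comment above, sketched as a dex-k8s-authenticator cluster entry. This is an added example, not part of the thread and not the commenter's configuration; every hostname, the client ID, and the secret are constructed placeholders.

```yaml
# dex-k8s-authenticator config: cluster entry for an EKS cluster fronted
# by kube-oidc-proxy. All values below are constructed placeholders.
listen: http://0.0.0.0:5555
web_path_prefix: /
clusters:
  - name: eks-example
    short_description: "EKS via kube-oidc-proxy"
    description: "EKS cluster reached through kube-oidc-proxy"

    # OIDC client registered in dex as a static client. kube-oidc-proxy
    # must be started with the same issuer and client ID
    # (--oidc-issuer-url / --oidc-client-id), otherwise it rejects the
    # ID tokens this authenticator hands out.
    issuer: https://dex.example.com
    client_id: eks-example
    client_secret: REPLACE_WITH_CLIENT_SECRET
    redirect_uri: https://login.example.com/callback/eks-example

    # Written into the generated kubeconfig as the cluster "server".
    # Point it at the proxy, NOT at the EKS API endpoint: the managed
    # API server cannot be reconfigured to trust dex, so a token sent
    # straight to it is not accepted.
    k8s_master_uri: https://kube-oidc-proxy.example.com

    # CA that kubectl uses to verify the "server" above. This must be
    # the CA that signed the proxy's serving certificate, not the EKS
    # cluster CA, because kubectl now terminates TLS at the proxy.
    k8s_ca_pem: |
      -----BEGIN CERTIFICATE-----
      REPLACE_WITH_CA_OF_KUBE_OIDC_PROXY_SERVING_CERT
      -----END CERTIFICATE-----
```

kube-oidc-proxy validates the ID token and forwards the request to the API server using impersonation, so RBAC bindings on the cluster apply to the user and group names taken from the token claims.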

primeroz commented 4 years ago

@jeffisabelle that is great to hear.

Would you mind writing something in the docs folder and MR it?

thanks

jeffisabelle commented 4 years ago

Yes, of course. I can create a PR this weekend with a runbook for the EKS setup.

Cheers,