This shows you the differences between two versions of the page.
|
управление_доступом_в_kubernetes [2025/12/19 09:44] val [Step 7. Using OpenID Connect] |
управление_доступом_в_kubernetes [2026/01/13 09:39] (current) val [Step 7. Using OpenID Connect] |
||
|---|---|---|---|
| Line 153: | Line 153: | ||
| * Сервис Keycloak [[Сервис Keycloak#Аутентификация пользователей WEB приложения]] | * Сервис Keycloak [[Сервис Keycloak#Аутентификация пользователей WEB приложения]] | ||
| + | * !!! в конфигурации kube-apiserver параметра client-secret нет и не требуется !!! | ||
| <code> | <code> | ||
| kube1:~/users# vim /etc/kubernetes/manifests/kube-apiserver.yaml | kube1:~/users# vim /etc/kubernetes/manifests/kube-apiserver.yaml | ||
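Review bot: The bullet added at Line 153 states the rule but not the consequence, and the "!!!" emphasis stands in for an explanation. Suggest saying that kube-apiserver only validates the tokens presented to it and therefore takes no client secret, and that adding one prevents it from starting with "Error: unknown flag: --oidc-client-secret", the message shown in the log listing further down the page. A reader carrying a client secret over from the Keycloak web application setup linked just above would then know what symptom to look for.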
| Line 172: | Line 172: | ||
| kube1:~# ps ax | grep kube-apiserver | kube1:~# ps ax | grep kube-apiserver | ||
| - | kube1:~/users# kubectl -n kube-system logs Pod/kube-apiserver-kube1 | + | kube1:~# journalctl -f | grep kube-apiserver |
| + | |||
| + | kube1/2:~# kubectl -n kube-system logs Pod/kube-apiserver-kube1 | ||
| + | ... | ||
| + | Error: unknown flag: --oidc-client-secret | ||
| ... | ... | ||
| E1203 05:22:46.412571 1 authentication.go:73] "Unable to authenticate the request" err="[invalid bearer token, oidc: verify token: oidc: expected audience \"any-client\" got [\"account\"]]" | E1203 05:22:46.412571 1 authentication.go:73] "Unable to authenticate the request" err="[invalid bearer token, oidc: verify token: oidc: expected audience \"any-client\" got [\"account\"]]" | ||
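Review bot: The listing after "kubectl -n kube-system logs Pod/kube-apiserver-kube1" now mixes two unrelated failures separated only by "...". "Error: unknown flag: --oidc-client-secret" is a startup failure of the API server, while the E1203 line is a running server rejecting a token whose audience is "account" instead of the expected "any-client". Suggest labelling each excerpt with its cause so the reader does not treat them as one problem. The prompt "kube1/2:~#" is also ambiguous: if it means the command has to go through kube2 because kube-apiserver-kube1 is not starting, say so, since kubectl needs a reachable API server whereas the added journalctl line does not.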