When I get a kubeconfig file from Karbon, the user is always
default-user-MyClusterNameHere in the kubeconfig file.
I am trying to setup RBAC permissions for various users as indicated on your post here: https://next.nutanix.com/community-blog-154/providing-rbac-for-your-karbon-kubernetes-clusters-33132
But the user is always the same user (
How can I get a user logged in as the actual user that they are?
And more, how can I get the groups that my users are in so I do not have to assign permissions to specific users? (We use Active Directory.)
After a fair amount of searching, I have found that I can enable OIDC support in a Kubernetes cluster. It looks like I will have to do the following:
- Setup an OIDC server and make an application in there and note its ClientID and Client Secret
- Log into the Master Kubernetes nodes and update the file found at /var/nutanix/etc/kubernetes/manifests/kube-apiserver.yaml with the following changes under the
Once I do that I should be able to use that OIDC server to authenticate users. And if the ODIC is integrated with my Active Directory, then I should have access to the groups in my Active Directory as well.
This seems like a lot of work. Before I jump in on this path, I would love some confirmation that this is the expected path for Karbon customers to take to be able to have user based RBAC.