diff --git a/inventory/sample/group_vars/k8s-cluster.yml b/inventory/sample/group_vars/k8s-cluster.yml index 38d2ce5e5..13a7ddff5 100644 --- a/inventory/sample/group_vars/k8s-cluster.yml +++ b/inventory/sample/group_vars/k8s-cluster.yml @@ -58,7 +58,9 @@ kube_users: ## Optional settings for OIDC # kube_oidc_ca_file: {{ kube_cert_dir }}/ca.pem # kube_oidc_username_claim: sub +# kube_oidc_username_prefix: oidc: # kube_oidc_groups_claim: groups +# kube_oidc_groups_prefix: oidc: # Choose network plugin (cilium, calico, contiv, weave or flannel) diff --git a/roles/kubernetes/master/defaults/main.yml b/roles/kubernetes/master/defaults/main.yml index c2715df85..52b04be50 100644 --- a/roles/kubernetes/master/defaults/main.yml +++ b/roles/kubernetes/master/defaults/main.yml @@ -73,7 +73,9 @@ kube_oidc_auth: false ## Optional settings for OIDC # kube_oidc_ca_file: {{ kube_cert_dir }}/ca.pem # kube_oidc_username_claim: sub +# kube_oidc_username_prefix: oidc: # kube_oidc_groups_claim: groups +# kube_oidc_groups_prefix: oidc: ## Variables for custom flags apiserver_custom_flags: [] diff --git a/roles/kubernetes/master/templates/manifests/kube-apiserver.manifest.j2 b/roles/kubernetes/master/templates/manifests/kube-apiserver.manifest.j2 index e0054686a..b589a9176 100644 --- a/roles/kubernetes/master/templates/manifests/kube-apiserver.manifest.j2 +++ b/roles/kubernetes/master/templates/manifests/kube-apiserver.manifest.j2 @@ -73,9 +73,15 @@ spec: {% if kube_oidc_username_claim is defined %} - --oidc-username-claim={{ kube_oidc_username_claim }} {% endif %} +{% if kube_oidc_username_prefix is defined %} + - "--oidc-username-prefix={{ kube_oidc_username_prefix }}" +{% endif %} {% if kube_oidc_groups_claim is defined %} - --oidc-groups-claim={{ kube_oidc_groups_claim }} {% endif %} +{% if kube_oidc_groups_prefix is defined %} + - "--oidc-groups-prefix={{ kube_oidc_groups_prefix }}" +{% endif %} {% endif %} - --secure-port={{ kube_apiserver_port }} - --insecure-port={{ kube_apiserver_insecure_port }}