From f81e6d2ccf96f831d5b54c41d5790c44b2b78910 Mon Sep 17 00:00:00 2001
From: Suzuka Asagiri
Date: Mon, 23 Apr 2018 12:17:00 +0900
Subject: [PATCH] Add oidc-user-prefix and oidc-group-prefix args
---
 inventory/sample/group_vars/k8s-cluster.yml | 2 ++
 roles/kubernetes/master/defaults/main.yml | 2 ++
 .../master/templates/manifests/kube-apiserver.manifest.j2 | 6 ++++++
 3 files changed, 10 insertions(+)
diff --git a/inventory/sample/group_vars/k8s-cluster.yml b/inventory/sample/group_vars/k8s-cluster.yml
index 38d2ce5e5..13a7ddff5 100644
--- a/inventory/sample/group_vars/k8s-cluster.yml
+++ b/inventory/sample/group_vars/k8s-cluster.yml
@@ -58,7 +58,9 @@ kube_users:
 ## Optional settings for OIDC
 # kube_oidc_ca_file: {{ kube_cert_dir }}/ca.pem
 # kube_oidc_username_claim: sub
+# kube_oidc_username_prefix: oidc:
 # kube_oidc_groups_claim: groups
+# kube_oidc_groups_prefix: oidc:
 # Choose network plugin (cilium, calico, contiv, weave or flannel)
diff --git a/roles/kubernetes/master/defaults/main.yml b/roles/kubernetes/master/defaults/main.yml
index c2715df85..52b04be50 100644
--- a/roles/kubernetes/master/defaults/main.yml
+++ b/roles/kubernetes/master/defaults/main.yml
@@ -73,7 +73,9 @@ kube_oidc_auth: false
 ## Optional settings for OIDC
 # kube_oidc_ca_file: {{ kube_cert_dir }}/ca.pem
 # kube_oidc_username_claim: sub
+# kube_oidc_username_prefix: oidc:
 # kube_oidc_groups_claim: groups
+# kube_oidc_groups_prefix: oidc:
 ## Variables for custom flags
 apiserver_custom_flags: []
diff --git a/roles/kubernetes/master/templates/manifests/kube-apiserver.manifest.j2 b/roles/kubernetes/master/templates/manifests/kube-apiserver.manifest.j2
index e0054686a..b589a9176 100644
--- a/roles/kubernetes/master/templates/manifests/kube-apiserver.manifest.j2
+++ b/roles/kubernetes/master/templates/manifests/kube-apiserver.manifest.j2
@@ -73,9 +73,15 @@ spec:
 {% if kube_oidc_username_claim is defined %}
 - --oidc-username-claim={{ kube_oidc_username_claim }}
 {% endif %}
+{% if kube_oidc_username_prefix is defined %}
+ - "--oidc-username-prefix={{ kube_oidc_username_prefix }}"
+{% endif %}
 {% if kube_oidc_groups_claim is defined %}
 - --oidc-groups-claim={{ kube_oidc_groups_claim }}
 {% endif %}
+{% if kube_oidc_groups_prefix is defined %}
+ - "--oidc-groups-prefix={{ kube_oidc_groups_prefix }}"
+{% endif %}
 {% endif %}
 - --secure-port={{ kube_apiserver_port }}
 - --insecure-port={{ kube_apiserver_insecure_port }}
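Review bot: The added `--oidc-groups-prefix` line is rendered only when `kube_oidc_groups_prefix` is defined, so a cluster that sets `kube_oidc_groups_claim` alone still takes group names from the identity provider verbatim, where they can clash with existing names such as the `system:` groups that RBAC bindings already trust. kube-apiserver applies no default to the groups prefix, so I would say so next to the variable, e.g. `## Set kube_oidc_groups_prefix whenever kube_oidc_groups_claim is set; RBAC subjects must then use the prefixed name`. The `is defined` test also passes for an empty string, which would render `--oidc-groups-prefix=` and presumably behave like no prefix at all. The commented samples in the two YAML hunks show `oidc:` unquoted, which will not load as that string once uncommented; `'oidc:'` is the safer sample and matches the quoting used on the new template lines. The enclosing `{% if %}` block that the trailing `{% endif %}` closes opens above this hunk.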