Comments (15)
cwoolum
commented on August 17, 2024
2
That works! I'm able to connect to my cluster.
from lens.
jakolehm
commented on August 17, 2024
OIDC kubeconfig is not directly supported yet but it's possible to use https://github.com/int128/kubelogin .
Root cause: missing OIDC support in kubernetes typescript library. Should be fixed in next release where we use latest kubernetes client version.
from lens.
jakolehm
commented on August 17, 2024
Lens 2.1.0-beta.3 should have working OIDC support, could you test it?
https://kontena-lens-desktop.s3-eu-west-1.amazonaws.com/Lens%20Setup%202.1.0-beta.3.exe
from lens.
cwoolum
commented on August 17, 2024
That one says 'Connecting...' now but I'm not able to see the message to
sign in so I cannot authorize the connection.
β¦On Sat, Oct 5, 2019 at 6:27 AM Jari Kolehmainen ***@***.***> wrote:
Lens 2.1.0-beta.3 should have working OIDC support, could you test it?
https://kontena-lens-desktop.s3-eu-west-1.amazonaws.com/Lens%20Setup%202.1.0-beta.3.exe
β
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub
<#45>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AAHGCT36JOBJKJPAYOKXIKDQNCI5ZANCNFSM4I5TGJPQ>
.
from lens.
jakolehm
commented on August 17, 2024
Workaround (using kubelogin):
- name: oidc-example
user:
exec:
apiVersion: client.authentication.k8s.io/v1beta1
args:
- oidc-login
- get-token
- --oidc-issuer-url=https://idp.example.com
- --oidc-client-id=<client-id>
- --oidc-client-secret=<secret>
command: kubectlfrom lens.
cwoolum
commented on August 17, 2024
I don't think AKS works that way. They have their own built in process. The flow goes like this:
- Add cluster from their CLI
- Run kubectl proxy
- A message is shown with a link and a code.
- Click the link, sign in with your domain credentials, enterΒ the code.
- Authorization is routed back to kubectl and the portal is opened
from lens.
jakolehm
commented on August 17, 2024
@cwoolum Lens v2.1.4 has OIDC related fixes. Could you test if it fixes your use case?
from lens.
cwoolum
commented on August 17, 2024
Definitely making progress but got a 401. The add cluster process makes debugging much easier! Here's my kubeconfig and the error returned.
apiVersion: v1
kind: Config
preferences: {}
current-context: kube-api-staging
clusters:
- name: kube-api-staging
cluster:
certificate-authority-data: >-
{Redacted}
server: >-
https://server.hcp.westus.azmk8s.io:443
insecure-skip-tls-verify: false
contexts:
- name: kube-api-staging
context:
cluster: kube-api-staging
user: my_user_account
users:
- name: my_user_account
user:
auth-provider:
config:
access-token: >-
{Redacted}
tenant-id: 3b******-e6f7-4a4e-9fc6-f0********83
name: azure{ "response": { "statusCode": 401, "body": { "kind": "Status", "apiVersion": "v1", "metadata": {}, "status": "Failure", "message": "Unauthorized", "reason": "Unauthorized", "code": 401 }, "headers": { "audit-id": "9a6a109b-7b2f-4902-89c1-e4fa64fc2664", "content-type": "application/json", "date": "Wed, 16 Oct 2019 15:54:22 GMT", "content-length": "129", "connection": "close" }, "request": { "uri": { "protocol": "https:", "slashes": true, "auth": null, "host": "server.hcp.westus.azmk8s.io:443", "port": "443", "hostname": "server.hcp.westus.azmk8s.io", "hash": null, "search": null, "query": null, "pathname": "/version/", "path": "/version/", "href": "https://server.hcp.westus.azmk8s.io:443/version/" }, "method": "GET", "headers": { "authorization": "", "Authorization": "Bearer *Redacted*", "accept": "application/json" } } }, "body": {} }from lens.
chelnak
commented on August 17, 2024
@cwoolum Did you manage to get this working with AKS?
from lens.
cwoolum
commented on August 17, 2024
No, because of the way that AKS wraps all of the auth pieces, I think the only way to make it work is to surface the login message.
from lens.
chelnak
commented on August 17, 2024
π Thought that might be the case!
Great tool to use with the cluster admin context but I'd want people using their AAD accounts to login.
Maybe it's something that will come soon! Thanks for replying.
from lens.
jnummelin
commented on August 17, 2024
update: this will be fixed in upcoming 2.6.0 release where we do complete re-write for the auth "proxy" we use within the app. We're gonna ditch the k8s JS client for that as it has some serious bugs & shortcomings for many cases, not only this Azure AAD case. The potential prompt for user will be surfaced in the initial connection to the cluster.
from lens.
cwoolum
commented on August 17, 2024
Awesome! Please let me know when a beta is available and I'll be glad to test.
from lens.
jakolehm
commented on August 17, 2024
@cwoolum beta download is available here: https://kontena-lens-desktop.s3-eu-west-1.amazonaws.com/Lens%20Setup%202.6.0-beta.3.exe
(Remember to install stable version once it's out)
from lens.
jnummelin
commented on August 17, 2024
2.6.0 is now shipped with complete re-write for auth proxying. π
from lens.
Related Issues (20)
- sleep causes cluster to lose stuff HOT 1
- When trying to connect to the cluster via lens: Failed to get /version for clusterId=id Internal Server Errorr HOT 5
- When connecting to cluster shows progress with "Refreshing cluster accessibility..." message for a minute HOT 1
- CPU/Memory usage of pods are shown as text, but not on chart HOT 3
- can not cd to any directory in the shell. HOT 1
- Succeeded jobs contribute to node CPU request value HOT 2
- Click on KUBECONFIG to open Finder, it is stuck. HOT 2
- Keep log search controls visible HOT 1
- Incorrect events order in Horizontal Pod Autoscallers view HOT 1
- Unknown error while submitting when installing new Helm Chart HOT 2
- Run on terminal but not from the launcher HOT 2
- Error: are too far apart with stepSize of 1 minute HOT 1
- Windows ARM support (Surface Pro 11 Snapdragon) HOT 2
- Force deletion of resource even with finalizers HOT 1
- Lens: 2024.5.271333-latest ζ ζ³ζεΌPod shell η΄ζ₯ιͺιοΌζ²‘ζζδ»»δ½ιθ―― HOT 3
- Link next to user management to show available seats. HOT 1
- Lens ckick on tripple dots by itself if menu opened - and it closes menu HOT 1
- Lens autodetects my Prometheus installation but doesn't display metrics HOT 3
- Source code empty
- Request support for VolumeSnapshot HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
π Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. πππ
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google β€οΈ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from lens.