Set up kubectl to access the Kubernetes cluster


  1. Ask me to create an account for you with the OpenID Provider and send you a secret.
  2. Download kubelogin
  3. Extract the binary file, put it in your $PATH and name it `kubectl-login`
  4. Run the following command, replacing SECRET with the actual secret value I have given you:
    kubectl login setup --oidc-issuer-url=https://accounts.google.com --oidc-client-id=533122798643-r3ss0i967drg50n2rlifh1bdmv7moha5.apps.googleusercontent.com --oidc-client-secret=SECRET
  5. This will open a browser where you should log in.
  6. Once you have managed to log in, scroll through the command output and find a line similar to this:
    kubectl create clusterrolebinding oidc-cluster-admin --clusterrole=cluster-admin --user='https://accounts.google.com#123456'
    Send me the command.
  7. Now you have to set up your cluster access. Do so by running the following command, again replacing SECRET with your secret:
    kubectl config set-credentials oidc --exec-api-version=client.authentication.k8s.io/v1beta1 --exec-command=kubectl --exec-arg=login --exec-arg=get-token --exec-arg=--oidc-issuer-url=https://accounts.google.com --exec-arg=--oidc-client-id=533122798643-r3ss0i967drg50n2rlifh1bdmv7moha5.apps.googleusercontent.com --exec-arg=--oidc-client-secret=SECRET
  8. Add the cluster settings to your kubeconfig:

    clusters:
    - cluster:
        certificate-authority-data: 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
        server: https://10.0.20.100:6443
      name: self-hosted-cluster
  9. DONE! You can check your cluster access with:
    kubectl --user=oidc get nodes
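
In step 6 the person with admin access receives a command from someone else and runs it to grant cluster-admin, so the received line is untrusted input. The Python check below is an added example, not part of the original instructions: it accepts only the exact shape shown in step 6 and rebuilds the argument list so nothing is passed through a shell. The function name, the numeric-subject rule and the binding-name pattern are assumptions.

```python
import re
import shlex

# Assumptions (not from the original page): the issuer is the one used in the
# steps above, Google subject IDs are decimal digits, and binding names use
# only lowercase letters, digits and '-'.
ISSUER = "https://accounts.google.com"
NAME_RE = re.compile(r"[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?")
SUB_RE = re.compile(r"[0-9]{1,255}")


def vet_binding_command(received: str, issuer: str = ISSUER) -> list:
    """Return a safe argv for the binding command, or raise ValueError.

    The received string is tokenised, every token is checked against the
    single shape expected from step 6, and the argv is rebuilt from the
    checked parts only.
    """
    tokens = shlex.split(received)  # raises ValueError on unbalanced quotes
    if len(tokens) != 6 or tokens[:3] != ["kubectl", "create", "clusterrolebinding"]:
        raise ValueError("not a single 'kubectl create clusterrolebinding' command")

    name, role_arg, user_arg = tokens[3:]
    if not NAME_RE.fullmatch(name):
        raise ValueError(f"unexpected binding name: {name!r}")
    if role_arg != "--clusterrole=cluster-admin":
        raise ValueError(f"unexpected role argument: {role_arg!r}")

    prefix = f"--user={issuer}#"
    if not user_arg.startswith(prefix):
        raise ValueError("user is not prefixed with the expected issuer")
    subject = user_arg[len(prefix):]
    if not SUB_RE.fullmatch(subject):
        raise ValueError(f"subject is not a numeric ID: {subject!r}")

    return ["kubectl", "create", "clusterrolebinding", name,
            "--clusterrole=cluster-admin", f"--user={issuer}#{subject}"]


if __name__ == "__main__":
    # Constructed sample: the example line from step 6.
    sample = ("kubectl create clusterrolebinding oidc-cluster-admin "
              "--clusterrole=cluster-admin --user='https://accounts.google.com#123456'")
    print(vet_binding_command(sample))
```

Pass the returned list to `subprocess.run(argv, check=True)` rather than pasting the received text into a terminal.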


Thank Kubernetes and my laziness for the complex setup...

P.S: You can update the user to whatever you want so that it is convenient for you.