This tool acts as a broker: it takes the output of another OIDC provider and incorporates it into a newly generated, freshly signed token. That token can then be configured as a trusted issuer for the Kubernetes API server.
This tool works seamlessly alongside the Tocrocon Docker component, which is also part of the k8stooling suite.
The following environment variables can be set on the container in the Deployment:

```yaml
- name: ISSUER_URL
  value: "{{OIDC_BROKER_URL}}"
- name: TENANT_ID
  value: "{{YOUR TENANT_ID}}"
- name: TOKEN_TTL
  value: "1h"
```
- TENANT_ID is optional and currently has no effect.
- TOKEN_TTL defaults to 900s if it is not set.
The Secret in the Namespace must be named oidc-broker, and the key that holds the RSA signing key must be named rsa_key.
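The following manifest is an added example, not one of the project's own yaml-Examples files. It wires together the Secret naming rule and the environment variables above. The namespace, the image reference, the issuer hostname and the TENANT_ID value are assumptions; only the Secret name `oidc-broker`, the key name `rsa_key` and the three variable names come from this README.

```yaml
# Added example, not part of the project. Assumed values: namespace "oidc-broker",
# image "example.invalid/oidc-broker:latest", issuer host "oidc-broker.example.invalid".
apiVersion: v1
kind: Secret
metadata:
  name: oidc-broker            # required name per the README
  namespace: oidc-broker       # assumed; must be the namespace the broker runs in
type: Opaque
stringData:
  rsa_key: |                   # required key name; PEM-encoded RSA signing key
    -----BEGIN RSA PRIVATE KEY-----
    <PEM body of a key generated only for this broker>
    -----END RSA PRIVATE KEY-----
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: oidc-broker
  namespace: oidc-broker       # same namespace as the Secret
spec:
  replicas: 1
  selector:
    matchLabels:
      app: oidc-broker
  template:
    metadata:
      labels:
        app: oidc-broker
    spec:
      containers:
        - name: oidc-broker
          image: example.invalid/oidc-broker:latest   # assumed image reference
          env:
            - name: ISSUER_URL
              # Must equal the issuer URL the kube-apiserver is configured to trust
              # (--oidc-issuer-url), otherwise the tokens' iss claim will not match.
              value: "https://oidc-broker.example.invalid"
            - name: TENANT_ID
              value: "00000000-0000-0000-0000-000000000000"   # optional placeholder
            - name: TOKEN_TTL
              value: "1h"      # omit this entry to fall back to the 900s default
```

Apply both objects with `kubectl apply -f` after replacing the placeholder key material. Generate the RSA key specifically for this broker rather than reusing one from another service, and keep the Secret manifest (or the PEM file it is built from) out of version control, since whoever holds rsa_key can mint tokens the API server trusts.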
(!) See also the yaml-Examples files.