Welcome {{ preferred_username }}

To get command-line access to the {{ context }} Kubernetes cluster, you will need to configure OpenID Connect (OIDC) authentication for your client.

Kubernetes ApiServer
Kubernetes API server integration with the OpenID provider
nano /etc/kubernetes/manifests/kube-apiserver.yaml
...
command:
- /hyperkube
- apiserver
...
- --oidc-issuer-url={{ oauth_server_uri }}
- --oidc-client-id={{ client_id }}
- --oidc-username-claim=email
- --oidc-groups-claim=groups
# for a self-signed certificate or a custom CA
#- --oidc-ca-file=/etc/kubernetes/pki/rootca.pem
...

systemctl restart kubelet
Kubectl Plugin
Install as a kubectl plugin.
# Homebrew (macOS and Linux)
brew tap devopstales/devopstales
brew install kubectl-login

# Main Krew index, under a different name (macOS, Linux, Windows and ARM)
kubectl krew install dtlogin

# My krew repo (macOS, Linux, Windows and ARM)
kubectl krew index add devopstales https://github.com/devopstales/krew
kubectl krew install devopstales/login

# Chocolatey (Windows)
choco install kubectl-login

# Binary release (Windows, macOS and Linux)
https://github.com/devopstales/kube-openid-connect/releases
Use the plugin.
$ kubectl login {{ redirect_uri }}
# OR If you installed from main Krew
kubectl dtlogin {{ redirect_uri }}
Configfile created with config for productioncluster to ~/.kube/config
Happy Kubernetes interaction!
Download Kubeconfig File

If you don't want to use the kubectl plugin, save this file as ~/.kube/config to enable OIDC-based kubectl authentication.

Download Config File
Running kubectl

Once you get the ~/.kube/config file you should be able to run kubectl:

# These are examples. Your context and cluster names will likely differ.

$ kubectl config get-contexts
CURRENT   NAME       CLUSTER            AUTHINFO   NAMESPACE
          k8s        k8s                k8s        
          microk8s   microk8s-cluster   admin      

$ kubectl --context k8s get namespaces
NAME          STATUS    AGE
default       Active    83d
experimental  Active    15d

$ kubectl --context k8s -n experimental get pods
NAME                                       READY     STATUS             RESTARTS   AGE
testapp-4074452424-06m0b                   1/1       Running            1          6d
Authenticate Manually

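If you want to keep your existing ~/.kube/config file, you can run the following to add your user. The commands write your client secret, ID token and refresh token into that file, so keep it readable only by your own account.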

# Create the Kubernetes server CA PEM file
echo "{{ k8s_server_ca }}" > ca-k8s.pem

# Add your server to kubectl config
kubectl config set-cluster {{ context }} \
--server={{ k8s_server_url }} \
--user={{ preferred_username }} \
--certificate-authority=ca-k8s.pem

# Add your user to kubectl config
kubectl config set-credentials "{{ preferred_username }}" \
--auth-provider=oidc \
--auth-provider-arg=client-id="{{ client_id }}" \
--auth-provider-arg=client-secret="{{ client_secret }}" \
--auth-provider-arg=id-token="{{ id_token }}" \
--auth-provider-arg=refresh-token="{{ refresh_token }}" \
--auth-provider-arg=idp-issuer-url="{{ oauth_server_uri }}"

# Associate your user with an existing cluster
kubectl config set-context {{ context }} --cluster {{ context }} --user="{{ preferred_username }}"
kubectl config use-context {{ context }}
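
Troubleshooting check (an added example, not part of kube-openid-connect): when kubectl is rejected after login, decode the id-token and compare its claims with the --oidc-* API server flags shown at the top of this page. The issuer URL, client ID and claims below are constructed placeholders, and the signature is not verified here because the API server does that itself.

```python
import base64, json, time

def decode_claims(id_token):
    """Return the JWT payload as a dict. The signature is NOT verified here."""
    parts = id_token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def check_claims(claims, issuer_url, client_id, now=None):
    """List the reasons the kube-apiserver --oidc-* flags would reject these claims."""
    now = time.time() if now is None else now
    problems = []
    if claims.get("iss") != issuer_url:
        problems.append("iss does not exactly match --oidc-issuer-url")
    aud = claims.get("aud")
    if client_id not in (aud if isinstance(aud, list) else [aud]):
        problems.append("aud does not contain --oidc-client-id")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        problems.append("token is expired or has no exp claim")
    if not claims.get("email"):
        problems.append("email claim missing (--oidc-username-claim=email)")
    elif claims.get("email_verified", True) is not True:
        problems.append("email_verified is present but not true")
    groups = claims.get("groups", [])
    groups = [groups] if isinstance(groups, str) else groups
    if not (isinstance(groups, list) and all(isinstance(g, str) for g in groups)):
        problems.append("groups is not a string or list of strings (--oidc-groups-claim)")
    return problems

def make_sample_token(claims):
    """Build an unsigned token for the demo (constructed, never accepted by a cluster)."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none"}), enc(claims), "c2ln"])

# Constructed sample values: placeholder issuer, client ID and claims.
ISSUER, CLIENT_ID = "https://idp.example.com/realms/k8s", "kubernetes"
GOOD = make_sample_token({"iss": ISSUER, "aud": [CLIENT_ID], "exp": 2000,
                          "email": "dev@example.com", "email_verified": True,
                          "groups": ["k8s-admins"]})
BAD = make_sample_token({"iss": ISSUER + "/", "aud": "other-app", "exp": 500,
                         "email": "dev@example.com", "email_verified": False,
                         "groups": [1]})

if __name__ == "__main__":
    for name, token in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, check_claims(decode_claims(token), ISSUER, CLIENT_ID, now=1000))
```

To check a real token, pass the id-token value stored in ~/.kube/config to decode_claims and leave now unset so the current time is used.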