API
The Gcore Customer Portal is being updated. Screenshots may not show the current version.
Edge Cloud
Edge Cloud
Overview
Overview
Activate and manage you eSIMGetting online in China
Troubleshooting
Account types and permissionsPackagesQuality of Service
Billing
Quotas
Create a project
User rolesAdd a userManage accessView user actions
Cost reports
About Resource reservation
Types of Virtual MachinesCreateCustomize initial setupCheck the statusEnable root user
Connect via Customer Portal
Configure and manage SSH keysConvert an SSH key to PPK formatEstablish SSH connection to a Virtual Machine
OverviewConfigure
OverviewCreate and configure
Monitor
Take a snapshot of your file systemSet up automatic snapshots
SSH connection
About Bare Metal serversCreate a Bare Metal serverConnect to your Bare Metal server via SSH
SSH connection
About Advanced DDoS Protection for Bare MetalActivate Advanced DDoS Protection for Bare Metal
OverviewUpload
NetworkSubnetworkRouter
Floating IP addressReserved IP addressVirtual IP addressDifference between virtual, floating, and reserved IP addressesAllowed address pair
Create Load BalancerAdd TLS certificates to a Load BalancerManage Load BalancersLoggingAnnotations
Firewall
OverviewConfigure
OverviewBare Metal support
Create
SSH connectionkubectl
Secure cluster with OpenID Connect
OverviewChange limitsCreate and configure a poolAdvanced autoscaler settingsConfigure GPU autoscaling for Kubernetes
Add users with limited rights to a Kubernetes cluster
Monitor load on a specific node
OverviewInstall nginx ControllerUse nginx Controller
Create a PVC and bind it to a podConfigure NFS CSI driver for Kubernetes
Annotations for Load Balancers
Manage PostgreSQL serversBackup and restore
Upload a PKCS12 file
GPU CloudCreate an AI ClusterVirtual vPOD
Prepare a custom model for deploymentDeploy an AI modelCreate and configure a registryCreate and manage API keysManage deployments in the Customer Portal
Function as a ServiceAuthenticate to functions with API keysFunction examples
Create a containerDeploy via GitHub actionsManage containers
Create a Container RegistryManage Container Registries
OverviewConfigure
FilebeatFluent BitFluentdLogstash
Prometheus exporterView logs in Grafana with OpenSearch plugin
Terraform
Set up a mailing server
API
Chosen image
Home/Edge Cloud/Managed Kubernetes/Clusters/Secure cluster with OpenID Connect

Secure Kubernetes cluster with OpenID Connect

Configure centralized and secure access management for your Kubernetes cluster by configuring OpenID Connect (OIDC) authentication.

Integrating Kubernetes with an OIDC provider is a quick way to set up a single sign-on (SSO) experience for your users. This way, they can access multiple Kubernetes clusters without re-entering their credentials.

OIDC relies on industry-standard security mechanisms, which also ensures enhanced security of your cluster and mitigates the risk of unauthorized access or data breaches.

Enable OIDC authentication for Managed Kubernetes

You can enable authentication during cluster creation or in the settings of an existing cluster. Regardless of where you start, the configuration process remains the same.

To enable OIDC authentication for your cluster:

1. If you’re creating a new cluster, scroll down to the OIDC authentication section. If you want to enable authentication for an existing cluster, open the cluster overview and click the Advanced settings tab.

2. Click Enable OIDC authentication toggle and configure the following settings:

  • Issuer URL: Enter the URL of the OIDC provider. For example, https://login.microsoftonline.com.

  • Client ID: Enter a unique identifier that will be assigned for the cluster.

OpenID Connect authentication settings for a Kubernetes container

  • Groups claim (optional): Specify the name of the claim in ID token that stores a group name. If you don’t add user groups, each user will be treated independently.

  • Set required claims toggle: Enter any additional claims that must be present in the ID token. If a token is missing any of these claims, a user will not be authenticated.

  • Signing algorithms: Choose which cryptographic algorithms the API server should accept when verifying ID tokens. By default, tokens are required to be signed using the RS256 algorithm.

  • Username claim: Specify the name of the claim in ID token that contains a username.

OpenID Connect authentication settings for a Kubernetes container

3. Save the changes if necessary.

You’ve successfully set up the OIDC authentication for your cluster.

Disable OIDC authentication for Kubernetes

Disabling OIDC authentication in your cluster settings will remove your current configuration. If you enable the authentication later, you’ll need to configure all the settings again.

To disable OIDC authentication:

1. In the Gcore Customer Portal, navigate to Cloud > Managed Kubernetes.

2. Find the cluster for which you want to configure OIDC and click its name to open it.

3. Open the Advanced settings tab.

4. Click to expand the OIDC authentication section.

5. Disable the toggle.

Disabled OpenID Connect authentication toggle

6. Click Save changes.

You no longer have the OIDC authentication configured for your Kubernetes cluster.

Update OIDC authentication settings

If you want to reset any previous configuration, click Restore Default. Be cautious when using this option because it will undo any OIDC configurations you’ve set up.

1. In the Gcore Customer Portal, navigate to Cloud > Managed Kubernetes.

2. Find the cluster for which you want to update OIDC and click its name to open it.

3. Open the Advanced settings tab.

4. Click to expand the OIDC authentication section.

5. Adjust the settings as needed.

6. Click Save changes.

You’ve successfully updated the OIDC settings.

Was this article helpful?

Not a Gcore user yet?

Discover our offerings, including virtual instances starting from 3.7 euro/mo, bare metal servers, AI Infrastructure, load balancers, Managed Kubernetes, Function as a Service, and Centralized Logging solutions.

Go to the product page
Edit on GitHub