(#173) Add k1 oidc configuration

This patch aligns with the reconfiguration of the k1 apiserver with the `--service-account-issuer=https://openinfrastructure.co/clusters/k1` flag so we can configure an external identity provider in AWS.
openinfrastructure · Nov 17, 2023 · ab77f59 · ab77f59
1 parent 2a74c2c
commit ab77f59
Show file tree

Hide file tree

Showing 2 changed files with 25 additions and 0 deletions.
diff --git a/static/clusters/k1/.well-known/openid-configuration b/static/clusters/k1/.well-known/openid-configuration
@@ -0,0 +1,13 @@
+{
+  "issuer": "https://openinfrastructure.co/clusters/k1",
+  "jwks_uri": "https://openinfrastructure.co/clusters/k1/openid/v1/jwks",
+  "response_types_supported": [
+    "id_token"
+  ],
+  "subject_types_supported": [
+    "public"
+  ],
+  "id_token_signing_alg_values_supported": [
+    "RS256"
+  ]
+}
diff --git a/static/clusters/k1/openid/v1/jwks b/static/clusters/k1/openid/v1/jwks
@@ -0,0 +1,12 @@
+{
+  "keys": [
+    {
+      "use": "sig",
+      "kty": "RSA",
+      "kid": "MvHLRs2SorqOzwMAyc6sH2dmvUeyZfo4JyQgCkHFsaY",
+      "alg": "RS256",
+      "n": "yxbLeG3IKPy8fYXbnK22EWlVaBA9VdhFm-dFPhIkvbeAmj2gq9B3XvpW4mDd8iWhXRyY-9HDL8C0-WLH2WTlEXiHZiF3FO2B2wGRBZ4DhAMBoCJFWlXAif74oM3aX4H9vq1ZVHhx35krlfx540fW-SWcI6uwUNKilUmvzLsBH1DrLYWSaPhAwFVn9QppEPRJW00KnU95xBrHra6d-6ldk4uAlYw3EsJhCNx5T3PN5-w5kkrWD8NSXwqSVovzrbnxpYRs888cm7xKpx2Sg7JSzMzxVNI-M1A2V_xkUw3S5VjO6NccxaeVgLs1qVdPSEObfbV9wf8hakXznza8Leq_0w",
+      "e": "AQAB"
+    }
+  ]
+}