Hey there,
I enabled the LDAP auth method on Vault and I was issuing the following command to get a token from Vault:
vault read identity/oidc/token/kubernetes
I have followed this article: Authenticate to Kubernetes using Hashicorp Vault – /var/log/tmaurice
This method requires mutating kubeconfig to add a custom script such as:
tokenData=$(vault read -format json identity/oidc/token/k8s-token | jq -c .)
which also requires authentication to Vault:
So we have to issue:
$ vault login -method=ldap username=user01
(Get token)
$ export VAULT_ADDR=http://localhost:8200
$ export VAULT_TOKEN=REDACTED
The major prerequisites in this UX are to have a Vault client installed locally, a manual vault login, and each user having to export VAULT_ variables. Instead, what I want to achieve is to use kubelogin to authenticate to the Kubernetes cluster. It should open the Vault login page, the user should type their username and password, and then authentication should be completed. Eventually, kubelogin should return a token to authenticate to the API server.
Any thoughts on this?
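
For readers following the kubeconfig script approach described in the post, this added example (not part of the original post or the linked article) shows what such a script has to hand back to kubectl: the JSON from `vault read -format json identity/oidc/token/<role>` converted into an ExecCredential object. The function name, the `skew_seconds` parameter and the sample response are constructed for illustration, and the `client.authentication.k8s.io/v1` API version is assumed to be supported by the kubectl in use.

```python
import json
import sys
from datetime import datetime, timedelta, timezone

# Constructed sample of the JSON printed by
# `vault read -format json identity/oidc/token/<role>` (values are placeholders).
SAMPLE_VAULT_JSON = json.dumps({
    "request_id": "constructed-request-id",
    "data": {"client_id": "constructed-client-id",
             "token": "constructed.jwt.value",
             "ttl": 3600},
})


def to_exec_credential(vault_json, now=None, skew_seconds=30):
    """Convert Vault's identity token response into a kubectl ExecCredential.

    skew_seconds (hypothetical parameter) makes kubectl re-run the plugin
    slightly before the token really expires.
    """
    now = now or datetime.now(timezone.utc)
    try:
        doc = json.loads(vault_json)
    except json.JSONDecodeError as exc:
        raise ValueError("Vault output is not valid JSON") from exc
    data = doc.get("data") if isinstance(doc, dict) else None
    if not isinstance(data, dict):
        raise ValueError("Vault response has no 'data' object")
    token, ttl = data.get("token"), data.get("ttl")
    if not isinstance(token, str) or not token:
        raise ValueError("Vault response carries no token")
    if not isinstance(ttl, int) or ttl <= skew_seconds:
        raise ValueError("token TTL missing or too short to be usable")
    expires = now + timedelta(seconds=ttl - skew_seconds)
    return {
        "apiVersion": "client.authentication.k8s.io/v1",
        "kind": "ExecCredential",
        "status": {
            "token": token,
            # RFC 3339 timestamp; kubectl caches the token until then.
            "expirationTimestamp": expires.strftime("%Y-%m-%dT%H:%M:%SZ"),
        },
    }


if __name__ == "__main__":
    # Real use: pipe the vault output in. With no pipe, the sample is used.
    piped = "" if sys.stdin is None or sys.stdin.isatty() else sys.stdin.read()
    # The credential goes to stdout only; it is never written to disk.
    print(json.dumps(to_exec_credential(piped or SAMPLE_VAULT_JSON)))
```

The script still depends on an authenticated Vault session to produce its input, which is the prerequisite the post is trying to remove.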