vCluster with OIDC

This post covers the use of vCluster with the addition of OIDC. The outcome will be a namespaced control plane (vCluster), preconfigured for OIDC, with a specified group bound to the cluster-admin role. This is a stepping stone to fully automated vCluster deployment. With this setup, we can distribute the kubeconfig files by email, Slack, or whatever channel we’d like.

There are additional automation requirements remaining before we get to a completely turnkey control plane provisioning level. This is just the first step in that direction.

I’m using the default vCluster Helm chart with some added values. The vCluster Helm templates and values files would need additional work for complete automation, primarily because of the way vCluster constructs the kubeconfig files: beyond the chart, vCluster uses some ‘helper’ code running in a pod to build them. That is likely another area we’d have to dive into. Short of that, we can modify the kubeconfig files manually, which is what I’m doing in this post.

One additional part of the automation we’d want to expand on is an Ingress definition for each cluster (whose address would also need to be written back into the kubeconfig file). I’m shortcutting here and using a LoadBalancer service, but I published a writeup on using Ingress here.
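The manual kubeconfig edit described above, as an added example (not the post's own code or vCluster's). It takes a constructed stand-in for the kubeconfig vCluster generates, replaces the embedded admin client certificate with an OIDC exec-plugin user (assuming the kubelogin plugin from github.com/int128/kubelogin is installed as `kubectl oidc-login`), points the server entry at the LoadBalancer address, and emits the ClusterRoleBinding that grants cluster-admin to the OIDC group. The issuer URL, client ID, group name and LoadBalancer IP are placeholders; the API-server-side OIDC flags set through the chart values are not shown. Output is JSON, which kubectl accepts as a kubeconfig because YAML is a superset of JSON.

```python
"""Rewrite a vCluster-generated kubeconfig for OIDC and emit the RBAC binding.

Added example. The security point: the file vCluster hands out carries a
cluster-admin client certificate, so distributing it by email or Slack
distributes admin credentials. After this rewrite the file holds no
credential at all; the user authenticates to the IdP at first use.
"""
import copy
import json

# Constructed stand-in for the kubeconfig vCluster generates: one cluster,
# one context, and a user consisting of an embedded admin client cert.
VCLUSTER_KUBECONFIG = {
    "apiVersion": "v1",
    "kind": "Config",
    "clusters": [{"name": "my-vcluster",
                  "cluster": {"server": "https://localhost:8443",
                              "certificate-authority-data": "Q09OU1RSVUNURUQtQ0E="}}],
    "contexts": [{"name": "my-vcluster",
                  "context": {"cluster": "my-vcluster", "user": "my-vcluster"}}],
    "current-context": "my-vcluster",
    "users": [{"name": "my-vcluster",
               "user": {"client-certificate-data": "Q09OU1RSVUNURUQ=",
                        "client-key-data": "Q09OU1RSVUNURUQ="}}],
}

# kubeconfig user keys that embed a long-lived credential.
STATIC_CREDENTIAL_KEYS = {
    "client-certificate-data", "client-key-data", "client-certificate",
    "client-key", "token", "tokenFile", "username", "password",
}


def oidc_user(issuer: str, client_id: str, extra_scopes=("groups",)) -> dict:
    """Build a kubeconfig user that fetches an ID token through the kubelogin
    exec plugin (assumed installed as `kubectl oidc-login`). The 'groups'
    scope is requested so the token carries the claim the API server maps
    to RBAC groups."""
    args = ["oidc-login", "get-token",
            f"--oidc-issuer-url={issuer}",
            f"--oidc-client-id={client_id}"]
    args += [f"--oidc-extra-scope={scope}" for scope in extra_scopes]
    return {"exec": {"apiVersion": "client.authentication.k8s.io/v1beta1",
                     "command": "kubectl",
                     "args": args}}


def to_oidc_kubeconfig(kubeconfig: dict, server: str, issuer: str,
                       client_id: str, user_name: str = "oidc") -> dict:
    """Return a copy of `kubeconfig` that authenticates via OIDC only."""
    cfg = copy.deepcopy(kubeconfig)
    # Point every cluster at the externally reachable endpoint (the
    # LoadBalancer service in this post's setup).
    for entry in cfg["clusters"]:
        entry["cluster"]["server"] = server
    # Replace all users (and the admin cert with them) by one OIDC user,
    # and rewire every context to it.
    cfg["users"] = [{"name": user_name, "user": oidc_user(issuer, client_id)}]
    for ctx in cfg["contexts"]:
        ctx["context"]["user"] = user_name
    return cfg


def has_static_credentials(kubeconfig: dict) -> bool:
    """Pre-distribution check: True if any user still embeds a credential."""
    return any(STATIC_CREDENTIAL_KEYS & set(u.get("user", {}))
               for u in kubeconfig.get("users", []))


def cluster_admin_binding(group: str, name: str = "oidc-cluster-admins") -> dict:
    """ClusterRoleBinding granting cluster-admin to an OIDC group. `group`
    must match the name as the API server sees it, including any prefix set
    with --oidc-groups-prefix."""
    return {
        "apiVersion": "rbac.authorization.k8s.io/v1",
        "kind": "ClusterRoleBinding",
        "metadata": {"name": name},
        "roleRef": {"apiGroup": "rbac.authorization.k8s.io",
                    "kind": "ClusterRole", "name": "cluster-admin"},
        "subjects": [{"apiGroup": "rbac.authorization.k8s.io",
                      "kind": "Group", "name": group}],
    }


if __name__ == "__main__":
    # Placeholder issuer, client ID, group and LoadBalancer address.
    cfg = to_oidc_kubeconfig(VCLUSTER_KUBECONFIG, "https://203.0.113.10:443",
                             "https://idp.example.com/realms/dev", "kubernetes")
    assert not has_static_credentials(cfg), "refusing to distribute admin cert"
    print(json.dumps(cfg, indent=2))
    print(json.dumps(cluster_admin_binding("platform-admins"), indent=2))
```

Apply the binding inside the vCluster (`kubectl apply -f` on the second document) while still holding the original admin kubeconfig, then hand out only the rewritten file; the `has_static_credentials` check is the gate that keeps the admin certificate from leaving the pipeline.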

As always, I’ll transition to a GitHub repo for the rest…