Kubernetes Using Keycloak OIDC Certification Questions Advisory

Cluster information:

Kubernetes version: 1.23.9
Cloud being used: (put bare-metal if not on a public cloud)
Installation method: kubeadm
Host OS: centos7
Keycloak version: 21.0.2

Kubernetes fails to interface with Keycloak OIDC.

I get only an access_token, but Kubernetes officially writes about an id-token; I don't know if this is one of the reasons why I don't succeed.

curl -k -X POSTs/master/protocol/openid-connect/token   -H 'Accept: application/json'   -H 'Content-Type: application/x-www-form-urlencoded'  -H 'cache-control: no-cache'   -d 'grant_type=password&username=user-admin&password=user-admin&client_id=gitlab&client_secret=gitlab-client-secret'|jq .

{
  "access_token": "<access_token JWT elided>",
  "expires_in": 60,
  "refresh_expires_in": 1800,
  "refresh_token": "<refresh_token JWT elided>",
  "token_type": "Bearer",
  "not-before-policy": 0,
  "session_state": "5b43711d-40f1-4414-8626-bfa5301ae799",
  "scope": "email groups profile"
}
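An added check, not part of the original post, for what the kube-apiserver OIDC authenticator needs from a Keycloak token response: the `openid` scope has to be requested before an ID token is issued at all, and the ID token's `iss` and `aud` claims must match `--oidc-issuer-url` and `--oidc-client-id`. The issuer URL, the sample responses and the test-fixture JWT are constructed; signature verification is left to the API server and is not done here.

```python
import base64
import json

# Constructed values (assumptions, not from the original post).
EXPECTED_ISSUER = "https://keycloak.example.invalid/realms/master"
EXPECTED_CLIENT_ID = "gitlab"

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def jwt_claims(token: str) -> dict:
    """Payload claims of a JWT, WITHOUT signature checking (kube-apiserver does that
    against the issuer's JWKS); this only inspects what the IdP put in the token."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS (header.payload.signature)")
    padded = parts[1] + "=" * (-len(parts[1]) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))

def check_token_response(resp: dict, issuer: str, client_id: str,
                         username_claim: str = "sub") -> list:
    """Reasons kube-apiserver's OIDC authenticator would reject this token response;
    the arguments mirror --oidc-issuer-url, --oidc-client-id, --oidc-username-claim."""
    problems = []
    if "openid" not in resp.get("scope", "").split():
        problems.append("scope lacks 'openid': request treated as plain OAuth2, no ID token")
    if "id_token" not in resp:
        problems.append("no id_token: Kubernetes validates the ID token, not access_token")
        return problems
    claims = jwt_claims(resp["id_token"])
    if claims.get("iss") != issuer:
        problems.append(f"iss {claims.get('iss')!r} != --oidc-issuer-url {issuer!r}")
    auds = claims.get("aud") if isinstance(claims.get("aud"), list) else [claims.get("aud")]
    if client_id not in auds:
        problems.append(f"aud {auds!r} lacks --oidc-client-id {client_id!r}")
    if username_claim not in claims:
        problems.append(f"username claim {username_claim!r} missing from id_token")
    return problems

def constructed_jwt(claims: dict) -> str:
    """Unsigned test-fixture JWT; the signature segment is only a placeholder."""
    header = _b64url(json.dumps({"alg": "RS256", "typ": "JWT"}).encode())
    return header + "." + _b64url(json.dumps(claims).encode()) + ".placeholder-sig"

# Constructed samples: the first has the shape of the post's output (no openid scope, no id_token).
SAMPLE_NO_OPENID = {"access_token": "a.b.c", "token_type": "Bearer", "scope": "email groups profile"}
SAMPLE_WITH_OPENID = dict(SAMPLE_NO_OPENID, scope="openid email groups profile",
                          id_token=constructed_jwt({"iss": EXPECTED_ISSUER, "aud": EXPECTED_CLIENT_ID,
                                                    "sub": "user-admin"}))
```

Running `check_token_response` on a real response (with `scope=openid` added to the curl body) tells you which of the API server's OIDC flags disagrees with what Keycloak issued.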