Konvoy DocumentationBy default, kube-oidc-proxy prefixes oidc: to all group names returned for the user. For example, if the Identity Provider reports that the user belongs to the group accounting , then Dex changes this to odic:accounting.
When you refer to a group in RBAC RoleBindings and ClusterRoleBindings, you need to use the prefixed name.
If the default prefix does not work for you, change it by following these steps:
-
Open
cluster.yaml. -
Add the following under the
kube-oidc-proxyaddon configuration. Substitute<group-prefix>with the name you want to use as the group prefix.- name: kube-oidc-proxy enabled: true values: | oidc: groupsPrefix: <group-prefix> -
Run
konvoy deploy addons, orkonvoy up, if you have not deployed the cluster. -
If you ran
konvoy deploy addons, restart thekube-oidc-proxypod to load the updated config.kubectl delete pods --namespace kubeaddons --selector=app.kubernetes.io/name=kube-oidc-proxy