From 561906df63f37b460b3fd901eee151c28e83673f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E5=AD=99=E6=8C=AF=E5=AE=87?= <>
Date: Mon, 13 Jan 2025 13:10:07 +0800
Subject: [PATCH] feat(k8s): enable integrates with Microsoft Entra ID
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: 孙振宇 <>
---
 .../manifests/group_vars/k8s_cluster/k8s-cluster.yml | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/cluster/ansible/manifests/group_vars/k8s_cluster/k8s-cluster.yml b/cluster/ansible/manifests/group_vars/k8s_cluster/k8s-cluster.yml
index d55be4d0..eba3eebc 100644
--- a/cluster/ansible/manifests/group_vars/k8s_cluster/k8s-cluster.yml
+++ b/cluster/ansible/manifests/group_vars/k8s_cluster/k8s-cluster.yml
@@ -46,14 +46,14 @@ credentials_dir: "{{ inventory_dir }}/credentials"
 ## Variables for OpenID Connect Configuration https://kubernetes.io/docs/admin/authentication/
 ## To use OpenID you have to deploy additional an OpenID Provider (e.g Dex, Keycloak, ...)
 
-# kube_oidc_url: https:// ...
-# kube_oidc_client_id: kubernetes
+kube_oidc_url: https://login.microsoftonline.com/cf151ee8-5c2c-4fe7-a1c4-809ba43c9f24
+kube_oidc_client_id: 7cd1df19-24ea-46d7-acd3-5336283139e0
 ## Optional settings for OIDC
 # kube_oidc_ca_file: "{{ kube_cert_dir }}/ca.pem"
-# kube_oidc_username_claim: sub
-# kube_oidc_username_prefix: 'oidc:'
-# kube_oidc_groups_claim: groups
-# kube_oidc_groups_prefix: 'oidc:'
+kube_oidc_username_claim: sub
+kube_oidc_username_prefix: 'mathmast:'
+kube_oidc_groups_claim: groups
+kube_oidc_groups_prefix: 'mathmast:'
 
 ## Variables to control webhook authn/authz
 # kube_webhook_token_auth: false