Administration Guides
Configure the mapping​
The mappings between the OIDC groups and the logs database local users is a list with the following format :
mappings:
- matchOn: my-oidc-group
username: my-db-local-username
secretName: kubernetes-secret
- matchOn: my-other-oidc-group
username: my-other-db-local-username
secretName: kubernetes-other-secret
The first thing to note is that the list is ordered. When a user makes a request the proxy will try to find a match for the user and will stop on the first match.
In our exemple, a user with both the my-oidc-group & my-other-oidc-group OIDC groups, will match based on the my-oidc-group OIDC group & use the my-db-local-username local account.
For each item in the list :
matchOn: Which OIDC group the user should have for this match to succeedusername: username of the local account to usesecretName: secret which contains the local user credentials- This secret should contain the
usernamefield from above as a key. The value of this key is the user password. - eg: The
kubernetes-secretsecret should contain amy-db-local-usernamekey whose value is themy-db-local-usernameuser's password.
- This secret should contain the