{"id":13522109,"url":"https://github.com/zjj2wry/kubectl-login","last_synced_at":"2026-05-14T20:33:09.463Z","repository":{"id":88128191,"uuid":"147148038","full_name":"zjj2wry/kubectl-login","owner":"zjj2wry","description":"The kubectl plugin is used to login to the kubernetes cluster by oidc authentication.","archived":false,"fork":false,"pushed_at":"2018-09-04T11:24:45.000Z","size":34694,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-09-06T09:47:25.192Z","etag":null,"topics":["authenticate","authentication","kubectl","kubectl-plugins","kubernetes","oidc"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/zjj2wry.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2018-09-03T03:41:39.000Z","updated_at":"2019-01-15T12:28:11.000Z","dependencies_parsed_at":"2023-05-18T10:00:14.593Z","dependency_job_id":null,"html_url":"https://github.com/zjj2wry/kubectl-login","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/zjj2wry/kubectl-login","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zjj2wry%2Fkubectl-login","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zjj2wry%2Fkubectl-login/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zjj2wry%2Fkubectl-login/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zjj2wry%2Fkubectl-login/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/zjj2wry","download_url":"https://codeload.github.com/zjj2wry/kubectl-login/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zjj2wry%2Fkubectl-login/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":33042195,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-13T13:14:54.681Z","status":"online","status_checked_at":"2026-05-14T02:00:06.663Z","response_time":57,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["authenticate","authentication","kubectl","kubectl-plugins","kubernetes","oidc"],"created_at":"2024-08-01T06:00:42.340Z","updated_at":"2026-05-14T20:33:09.443Z","avatar_url":"https://github.com/zjj2wry.png","language":"Go","funding_links":[],"categories":["kubectl Plugins"],"sub_categories":["Installing plugins via awesome-kubectl-plugins"],"readme":"# kubectl-login\n\nkubectl-login 用于登陆 kubernetes 集群，需要 [kubernetes api-server 开启 oidc authn](https://kubernetes.io/docs/reference/access-authn-authz/authentication/)。\n\n![kubectl login](kubectl-login-plugin.gif)\n\n## example\n\n\u003e 可以直接使用命令登陆集群，如果使用最新版本的 kubectl(1.13)，可以把 kubectl-login 移动到 /usr/local/bin/ 目录下，然后使用 kubectl login 登陆集群。\n\n### 配置 kubeconfig 的集群和 contexts 信息\n```text\napiVersion: v1\nclusters:\n- cluster:\n    certificate-authority-data: {ca}\n    server: https://192.168.21.133:6443\n  name: cps-console-web\ncontexts:\n- context:\n    cluster: cps-console-web\n    user: kubectl\n  name: default\ncurrent-context: default\nkind: Config\npreferences: {}\n```\n\n### 配置 kubeconfig users 信息\n如上，现在只有被访问集群的目标地址和 context 信息，但是缺少访问集群的 credentials 信息，配置 oidc auth provider 的配置。\n\n```bash\nkubectl config set-credentials USER_NAME \\\n   --auth-provider=oidc \\\n   --auth-provider-arg=idp-issuer-url=( issuer url ) \\\n   --auth-provider-arg=client-id=( your client id ) \\\n   --auth-provider-arg=client-secret=( your client secret ) \\\n```\n\n### 执行 kubectl login 命令获取 oidc IDToken 和 refresh token\n\n执行后如果之前没有登陆过，会先跳到认证中心的登陆页，如果之前登陆过则会保存返回的 IDToken 和 refresh token 到 kubeconfig 文件。使用 kubectl config view 查看当前的 auth 信息。另外获取的 id-token 可以直接用于访问 hodor API。\n```\n➜ kubectl config view\nusers:\n- name: kubectl\n  user:\n    auth-provider:\n      config:\n        client-id: kubernetes\n        client-secret: kubernetes\n        id-token: {very long token}\n        idp-issuer-url: http://192.168.10.168:8010\n        refresh-token: 9qHcywA36HTAwKzbjHJbLw8t_qD\n      name: oidc\n```\n\n## future work\n1. support logout\n2. support https\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fzjj2wry%2Fkubectl-login","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fzjj2wry%2Fkubectl-login","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fzjj2wry%2Fkubectl-login/lists"}