Configure the kubectl command line tool to work with OIDC.

  1. Update your context to the cluster.
    aws eks update-kubeconfig --name tech-partners --region us-west-2
  2. Configure the kubectl OIDC login by using the Issuer URL, Client ID, and Client Secret created in the PingOne EKS application.
    kubectl oidc-login setup --oidc-issuer-url=
    7e29215f-b6c3-42f5-9153-85147e3de93a --oidc-client-id=7e29215f-b6c3-42f5-9153-85147e3de93a 
  3. Bind a Cluster Role to a PingOne account.
    kubectl create clusterrolebinding oidc-cluster-admin --clusterrole=cluster-admin 
  4. Set up the kubeconfig with the OIDC PingOne configuration.
    kubectl config set-credentials oidc \
    --exec-command=kubectl \
    --exec-arg=oidc-login \
    --exec-arg=get-token \
    --exec-arg=--oidc-issuer-url=
    7e29215f-b6c3-42f5-9153-85147e3de93a \
    --exec-arg=--oidc-client-id=7e29215f-b6c3-42f5-9153-85147e3de93a \
    --exec-arg=--oidc-client-
    --exec-arg -v1

    The --exec-arg -v1 sets kubectl to verbose logging, which is useful for troubleshooting.

OIDC for EKS is configured, and PingOne users can authenticate to EKS by executing any kubectl command.
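
An added example, not part of the original page or of any vendor documentation: a Python check for the `oidc` user entry that step 4 writes, run over the JSON form of the kubeconfig (`kubectl config view --raw -o json`). The function name `audit_oidc_user`, the sample kubeconfig, and the issuer host are constructed placeholders.

```python
import json
from urllib.parse import urlparse

# Constructed sample: shape of `kubectl config view --raw -o json` after step 4.
# The issuer host and every value below are placeholders, not values from the page.
SAMPLE_KUBECONFIG = json.dumps({
    "users": [{
        "name": "oidc",
        "user": {"exec": {
            "command": "kubectl",
            "args": [
                "oidc-login", "get-token",
                "--oidc-issuer-url=https://issuer.example.invalid/ENV_ID/as",
                "--oidc-client-id=CLIENT_ID_PLACEHOLDER",
                "--oidc-client-secret=CLIENT_SECRET_PLACEHOLDER",
                "-v1",
            ],
        }},
    }]
})


def audit_oidc_user(kubeconfig_json, user_name="oidc"):
    """Return a list of findings for the exec-based OIDC user entry."""
    users = json.loads(kubeconfig_json).get("users") or []
    entry = next((u for u in users if u.get("name") == user_name), None)
    if entry is None:
        return [f"user '{user_name}' not found"]
    exec_cfg = (entry.get("user") or {}).get("exec") or {}
    args = exec_cfg.get("args") or []
    findings = []
    if exec_cfg.get("command") != "kubectl" or args[:2] != ["oidc-login", "get-token"]:
        findings.append("exec plugin is not 'kubectl oidc-login get-token'")
    # Collect the --key=value arguments that are passed to the plugin.
    opts = dict(a[2:].split("=", 1) for a in args if a.startswith("--") and "=" in a)
    issuer = urlparse(opts.get("oidc-issuer-url", ""))
    if issuer.scheme != "https" or not issuer.netloc:
        findings.append("issuer URL is missing or not https")
    if not opts.get("oidc-client-id"):
        findings.append("client ID is missing")
    if opts.get("oidc-client-secret"):
        findings.append("client secret is stored in plaintext in kubeconfig")
    if any(a.startswith("-v") and a[2:].isdigit() and int(a[2:]) > 0 for a in args):
        findings.append("verbose plugin logging is still enabled")
    return findings

if __name__ == "__main__":
    for finding in audit_oidc_user(SAMPLE_KUBECONFIG):
        print("FINDING:", finding)
```

The two findings on the sample are reminders rather than errors: restrict the kubeconfig file's permissions while it holds the client secret, and drop the verbose flag once troubleshooting is done.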