Connecting to the Cluster
Note
These instructions are for general cluster users. You do not need AWS EKS access. Before proceeding, ensure your account has been set up in Keycloak by a cluster admin.
Prerequisites
kubelogin— akubectlplugin that handles OIDC login. Follow the installation instructions at the link.- An
oidc_kubeconfigfile provided by your cluster admin. - Your OIDC client secret, provided by your cluster admin.
Step 1 — Download the Kubeconfig
Download the kubeconfig for this cluster and save it to a convenient location:
Then export the KUBECONFIG environment variable pointing to it:
export KUBECONFIG=${PWD}/oidc_kubeconfig
Step 2 — Log In
Run the following command to initiate OIDC login:
kubectl oidc-login setup \
--oidc-issuer-url=https://keycloak.northstrat.dev/realms/ude \
--oidc-client-id=ai-tools-kube-apiserver \
--oidc-client-secret=<your-client-secret>
Replace <your-client-secret> with the secret provided by your cluster admin.
Info
A browser window will open and you will be presented with a Keycloak login screen. Enter your credentials and complete the login. Once authenticated, the CLI will print a setup command — run it to complete the configuration.
Step 3 — Access the Cluster
Once setup is complete, verify your access:
kubectl --user=oidc get pods
To avoid specifying --user=oidc on every command, set it as your current context user:
kubectl config set-context --current --user=oidc
After that, standard kubectl commands will work without any additional flags:
kubectl get pods
kubectl get namespaces