--- title: Using Cognito for OIDC Integration with MicroK8s tags: ["Kubernetes", "MicroK8s", "OIDC", "Cognito"] categories: ["Dev", "CaaS", "Kubernetes", "MicroK8s"] date: 2025-02-10T04:26:17Z updated: 2025-02-10T04:28:43Z --- > ⚠️ This article was automatically translated by OpenAI (gpt-4o-mini). > It may be edited eventually, but please be aware that it may contain incorrect information at this time. Using Cognito for [OIDC integration](https://microk8s.io/docs/oidc-dex) with MicroK8s. Refer to [here](/entries/782) for the installation of MicroK8s. Assuming that the Cognito User Pool has already been created, create a client. Click on "Create app client".

Set "Application Type" to "Traditional web application" and enter `microk8s` in "Name your application". Set `http://localhost:8000` (the callback URL for [kubelogin](https://github.com/int128/kubelogin)) in "Return URL" and click the "Create app client" button. (The screenshot shows `http://localhost:18000`, but it should be `http://localhost:8000`.)

Although not mandatory, it is safer to add `http://localhost:18000` as a fallback port in case the local `8000` port is already in use.

Copy the "Client ID" and "Client secret" from the "App client information" panel.

Copy the path up to `/.well-known/jwks.json` from the "Token signing key URL" in the User Pool's "Overview" panel.

Log in to the server where the MicroK8s Controlplane is installed and modify `/var/snap/microk8s/current/args/kube-apiserver`. Adjust the variables according to your environment and execute the following command. ``` OIDC_ISSUER_URL=https://cognito-idp.ap-northeast-1.amazonaws.com/ap-northeast-1_tv3NHZAKO OIDC_CLIENT_ID=3ftgo86lgdb2mb0fr0jho761q9 OIDC_USERNAME_CLAIM=email OIDC_GROUPS_CLAIM=cognito:groups cat < Upon successful login,

the Username and Groups will be mapped as follows. ``` $ kubectl auth whoami ATTRIBUTE VALUE Username oidc:makingx@gmail.com Groups [oidc:platform-engineer system:authenticated] ```