From 841ef176550a1d378b13283afa0dd9e833fcae2c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E5=AD=99=E6=8C=AF=E5=AE=87?= <>
Date: Mon, 13 Jan 2025 19:34:48 +0800
Subject: [PATCH] feat(k8s): update OIDC username prefix to allow full claim
 value
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: 孙振宇 <>
---
 .../ansible/manifests/group_vars/k8s_cluster/k8s-cluster.yml | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/cluster/ansible/manifests/group_vars/k8s_cluster/k8s-cluster.yml b/cluster/ansible/manifests/group_vars/k8s_cluster/k8s-cluster.yml
index 968eae41..4db8649e 100644
--- a/cluster/ansible/manifests/group_vars/k8s_cluster/k8s-cluster.yml
+++ b/cluster/ansible/manifests/group_vars/k8s_cluster/k8s-cluster.yml
@@ -51,9 +51,10 @@ kube_oidc_client_id: 7cd1df19-24ea-46d7-acd3-5336283139e0
 ## Optional settings for OIDC
 # kube_oidc_ca_file: "{{ kube_cert_dir }}/ca.crt"
 kube_oidc_username_claim: upn
-kube_oidc_username_prefix: 'mathmast:'
+# Set to - means that the username is the entire value of the claim
+kube_oidc_username_prefix: -
 kube_oidc_groups_claim: roles
-kube_oidc_groups_prefix: 'mathmast:'
+# kube_oidc_groups_prefix: 'oidc:'
 
 ## Variables to control webhook authn/authz
 # kube_webhook_token_auth: false