Skip to content
/ kube-openid-connect Public

An application that can be used to easily enable authentication flows via OIDC for a kubernetes cluster.

devopstales.github.io/tags/kube-openid-connect/

License

Apache-2.0 license
9 stars 2 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

devopstales/kube-openid-connect

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

51 Commits
docs/images
docs/images
 
 
go-client
go-client
 
 
py-client
py-client
 
 
server
server
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 

Repository files navigation

Kube OpenID Connect

Kube OpenID Connect is an application that can be used to easily enable authentication flows via OIDC for a kubernetes cluster. Kubernetes supports OpenID Connect Tokens as a way to identify users who access the cluster. Kube OpenID Connect helps users with it's kubectl plugin to authenticate and get kubectl config.

Kube OpenID Connect screenshot

How It Works

Kube OpenID Connect has two main component the server an the kubectl plugin. The server is written in python and the kubectl plugin in go for easier multi architecture build. When you want to login to a Kubernetes cluster you just simply use the kubectl login command to connect to the server component. It will open the OpenID authentication page in you browser. After you successfully logged in the server based on yout JWT token generates a kubectl config and push back to your kubectl plugin, that writes it to your config.

Deployment

To ease deployment I created a helm chart for kube-openid-connect.

helm repo add devopstales https://devopstales.github.io/helm-charts
helm repo update

kubectl create ns kubeauth
kubens kubeauth
helm upgrade --install kubelogin devopstales/kube-openid-connect -f values.yaml

Install the Kubectl plugin

# Homebrew (macOS and Linux)
brew tap devopstales/devopstales
brew install kubectl-login

# Main Krew with differente name (macOS, Linux, Windows and ARM)
kubectl krew install dtlogin

# My krew repo (macOS, Linux, Windows and ARM)
kubectl krew index add devopstales https://github.com/devopstales/krew
kubectl krew install devopstales/login

# My krew repo (macOS, Linux, Windows and ARM)
kubectl krew index add devopstales https://github.com/devopstales/krew
kubectl krew install devopstales/login

# Chocolatey (Windows)
choco install kubectl-login

# Binary release (Windows, macOS and Linux)
https://github.com/devopstales/kube-openid-connect/releases

Use the plugin to login:

Point the url to the ingress of the server component:

$ kubectl login https://kubeauth.k8s.intra
Configfile created with config for productioncluster to ~/.kube/config
# OR If you installed from main Krew
kubectl dtlogin https://kubeauth.k8s.intra
Happy Kubernetes interaction!

Build executable

pip3 install -r requirements.txt
pyinstaller --onefile --noconfirm --noconsole --clean --log-level=WARN --key=MySuperSecretPassword --strip kubectl-login.py

About

An application that can be used to easily enable authentication flows via OIDC for a kubernetes cluster.

devopstales.github.io/tags/kube-openid-connect/

Topics

kubernetes authentication openid openid-connect oidc kubectl-plugins

Resources

Readme

License

Apache-2.0 license
Activity

Stars

9 stars

Watchers

2 watching

Forks

2 forks
Report repository

Releases 5

client_v1.1 Latest
May 28, 2022
+ 4 releases

Packages

No packages published

Languages