- 13. Sep
This is a config snippet generator for a k8s cluster. This chart deploys the kuberos code snippet generator for clusters using both
- OIDC - OpenID Connect, an authentication layer on top of OAuth 2.0
- RBAC - Role Based Access Controls (in your k8s cluster)
It provides a quick and easy way for an authenticated user to generate and download config for kubectl.
The config snippets that are generated from this chart include OIDC connection details in clear text. These include content that would normally be in secrets.
- Kubernetes 1.8+ with RBAC enabled
- An OIDC provider eg G Suite
- RBAC on your cluster configured to use OIDC
Kubernetes supports several authentication methods, a popular one of which is OIDC. The kubectl commandline tool can be configured to use OIDC authentication, including automatically refreshing its token on invocation. In order to enable this functionality kubectl must be configured with the following parameters:
- A client ID
- A client secret
- An issuer URL
- An ID token
- A refresh token
The latter two of these parameters must be acquired by performing an initial OIDC authentication outside of kubectl. OIDC is an awkward authentication method for a command line tool as it is entirely browser-based. Existing implementations (see Alternatives) provide CLI tools to handle this initial authentication. These CLIs will typically require the user to connect to localhost in their Browser to perform the initial authentication.
Kuberos is designed to instead run as a hosted service. It authenticates users against an OIDC provider, returning a JSON payload of the parameters required by kubectl. Kuberos provides a simple frontend that links to a ~/.kube/config file generated from a supplied template of clusters. It also details how to manually add a user and context to a cluster, and how to use kubectl.
What we do
- Kuberos provides practical, focused and cost-effective IT sourcing advice.
- Kuberos works with clients to understand their situation, develop a sourcing strategy to meet their goals, and select suppliers to implement the strategy.
- Kuberos drives IT services negotiations on behalf of clients and provides support and advice as clients negotiate with suppliers.
- Kuberos is based in London, UK, and works with clients throughout Europe.
Why work with Kuberos?
Kuberos can help you when:
- You want an impartial analysis of your current situation, and an honest opinion of what’s good, and what can be improved.
- You need a partner who can bring the experience required to ensure the outcome of a complex negotiation.
- You have a need for specific skills to supplement a sourcing project team.