Kubernetes supports several authentication methods, a popular one of which is OIDC. The kubectl commandline tool can be…
This is a config snippet generator for a k8s cluster. This chart deploys the kuberos code snippet generator for clusters using both
It provides a quick and easy way for an authenticated user to generate and download config for kubectl.
The config snippets that are generated from this chart include OIDC connection details in clear text. These include content that would normally be in secrets.
Kubernetes supports several authentication methods, a popular one of which is OIDC. The kubectl commandline tool can be configured to use OIDC authentication, including automatically refreshing its token on invocation. In order to enable this functionality kubectl must be configured with the following parameters:
The latter two of these parameters must be acquired by performing an initial OIDC authentication outside of kubectl. OIDC is an awkward authentication method for a command line tool as it is entirely browser-based. Existing implementations (see Alternatives) provide CLI tools to handle this initial authentication. These CLIs will typically require the user to connect to localhost in their Browser to perform the initial authentication.
Kuberos is designed to instead run as a hosted service. It authenticates users against an OIDC provider, returning a JSON payload of the parameters required by kubectl. Kuberos provides a simple frontend that links to a ~/.kube/config file generated from a supplied template of clusters. It also details how to manually add a user and context to a cluster, and how to use kubectl.
Kuberos can help you when:
Tell us about a new Kubernetes application
Never miss a thing! Sign up for our newsletter to stay updated.
Discover and learn about everything Kubernetes