TGI Kubernetes is a weekly live video stream all about Kubernetes.
Jun 15 2018
Lots more details on this episode (including the YAML used) at https://github.com/heptio/tgik/tree/master/episodes/039.
Come hang out with Joe Beda as he does a bit of hands on hacking of Kubernetes and related topics. Some of this will be Joe talking about the things he knows. Some of this will be Joe exploring something new with the audience. Come join the fun, ask questions, comment, and participate in the live chat!
This week we'll be exploring setting up cluster auth with a combination of GitHub, Dex (from CoreOS/Red Hat) and Heptio Gangway. We'll also mix in a little Contour and Cert Manager. The end result will be a secure auth framework as a building block for a multi-team cluster.
Timestamps for the episode
[06:24] News from Around the Community - k8s 1.11, Ark .9
[14:05] https://aws.amazon.com/eks/
[20:43] https://github.com/negz/kuberos
[21:01] https://medium.com/@mrbobbytables/kubernetes-day-2-operations-authn-authz-with-oidc-and-a-little-help-from-keycloak-de4ea1bdbbe
[22:14] https://github.com/appscode/guard
[24:07] Joe will be covering adding github authentication to a kubernetes cluster in this episode using openid with dex.
[00:24] Let's start configuring and theory-crafting
[28:22] A primer of how does OAuth works
[53:53] Setting up an OAuth in github
[1:00:19] Jim Angel asks "Do you think Dex will die out as RH merges Tectonic, Dex's main driving force, with OpenShift (since OpenShift already has auth using OCP cli + poor Dex documentation)?"
[01:18:44] Application is stood up and working
[01:23:40] The server= line is empty!
[01:25:55] Logged in, and Joe can't get pods
because …. RBAC! (This is a good thing)
[01:28:00] Jose and Simon can log in, but have no permissions to do anything
[01:30:52] Let's try to give Simon access to Joe's cluster
[01:32:35] Simon crushes Joe's wallet and launches a 100 instances.
[01:34:29] Simon terminates the pods