Single Sign-On for Kubernetes - Joel Speed, Pusher
![CNCF [Cloud Native Computing Foundation]](http://yt3.ggpht.com/txe66EjpkDQQlx_4jDV0yA0PPsww0rqQrFhMpDqagLWN2-EUBBO65IuIyy5tEFVmpI4_RRduzXc=s48-c-k-c0x00ffffff-no-rj)
Vložit
- čas přidán 2. 06. 2024
- Join us for Kubernetes Forums Seoul, Sydney, Bengaluru and Delhi - learn more at kubecon.io
Don't miss KubeCon + CloudNativeCon 2020 events in Amsterdam March 30 - April 2, Shanghai July 28-30 and Boston November 17-20! Learn more at kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects
Single Sign-On for Kubernetes - Joel Speed, Pusher
User management is hard. At Pusher, with an expanding engineering team, we wanted to build a simple identity management experience within our Kubernetes infrastructure. In this talk, I explore authentication options and demonstrate how Single Sign-On works within our Kubernetes clusters. Kubernetes supports a Single Sign-On protocol called OpenID Connect (OIDC). I’ll take a deep dive into how OIDC authentication flows work before showing how we created a simple log-in experience for our Developers with features such as short-lived tokens, automatic refreshing, group management and a unified identity between the command line (Kubectl) and the browser (Kubernetes Dashboard).
To learn more: sched.co/Gra3 - Krátké a kreslené filmy
Really awesome!
Amazing
Keycloak seems like a more sophisticated OIDC provider than Dex, I am surprised you have not looked into it
heavy is something relative. I just want to point out that Keycloak have moved to using Quarkus which reduced the overall "heaviness"
{
"sub": "1234567890",
"name": "John Doe",
"admin": true
}