Everyone can contribute! Let's learn together in a weekly cafe ☕

We love to break things, make mistakes, debug, analyse, fix problems together. Live and unfiltered on Youtube.

Community members and thought leaders regularly join and share their projects and ideas.

"Everyone Can Contribute" is inspired by GitLab's mission.

21. #everyonecancontribute cafe: Secure Kubernetes with OpenID and Kiosk


We are learning how to deploy and secure Kubernetes into Hetzner cloud in this series:

In this session, we configure OpenID with Dex to use GitLab as Identity Provider in a Kubernetes cluster with Niclas Mietz.

  • Install Dex
  • GitLab as OpenID Identity Provider
  • Connecting Dex with the Kubernetes API server
  • Apply the changes with Ansible. MR.
  • Log into Kubernetes with kubectl, browser opens asking which IdP to use. Login.
  • Authentication with Dex, Authorization with ClusterBindingRoles
  • Inspect the JWT token and decode the details, e.g. the issuer. Idea: Get the GitLab username from the IdP shared information to grant fine granular access.

In the future, we’ll explore more Kubernetes topics:

  • Multi-tenancy with kiosk.
  • CI/CD, IaC and GitOps
  • Hetzner storage volumes
  • Monitoring with Prometheus, GitLab CI/CD deployments and much more :)



Enjoy the session! 🦊

Date published: March 17, 2021

Tags: Gitlab, Hetzner, Cloud, Terraform, Ansible, Kubernetes, Security, Dex, Kiosk, Openid