21. #everyonecancontribute cafe: Secure Kubernetes with OpenID and Kiosk
Highlights
We are learning how to deploy and secure Kubernetes in the Hetzner cloud in this series:
- cafe: Provisioned the server and agent VMs with Terraform and Ansible in the first session with Max.
- cafe: Deployed k3s as the Kubernetes distribution with Max.
- cafe: Learned about pods and the Hetzner load balancer with Max.
- cafe: Ingress controller for load balancer cost savings with Max.
- cafe: Break into Kubernetes security with Philip Welz.
- cafe: Securing Kubernetes with Kyverno with Philip Welz.
In this session, we configure OpenID Connect with Dex to use GitLab as the Identity Provider in a Kubernetes cluster, together with Niclas Mietz.
- Install Dex
- GitLab as OpenID Identity Provider
- Connecting Dex with the Kubernetes API server
- Apply the changes with Ansible. MR.
- Log into Kubernetes with kubectl; a browser window opens asking which IdP to use. Log in.
- Authentication with Dex, authorization with ClusterRoleBindings
- Inspect the JWT and decode its details, e.g. the issuer. Idea: use the GitLab username shared by the IdP to grant fine-grained access.
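The steps above end with the interesting part for a defender: the API server never sees a GitLab password, only an ID token signed by Dex, and the RBAC decision hinges on which claim of that token becomes the Kubernetes username. The following added example (not code from the session, from Dex or from k3s) decodes a constructed, unsigned ID token, applies the same issuer/audience/expiry checks and the same claim-to-username mapping that the kube-apiserver applies for the flags `--oidc-issuer-url`, `--oidc-client-id`, `--oidc-username-claim`, `--oidc-username-prefix` and `--oidc-groups-claim` (on k3s they are passed via `--kube-apiserver-arg`), and then matches the resulting subject against a ClusterRoleBinding. The issuer URL `https://dex.example.com`, the client id `kubernetes`, the user `alice` and the group `gitlab-developers` are assumed values, and the `preferred_username` claim is assumed to carry the GitLab username forwarded by Dex. The signature check that a real API server performs against the issuer's JWKS is deliberately out of scope here.

```python
"""Offline walk-through of how kube-apiserver turns a Dex ID token into an RBAC subject.

Everything below is constructed for illustration: the issuer, client id, user,
group and binding are hypothetical, and the token is unsigned ("alg": "none").
A real API server verifies the signature before any claim is trusted.
"""
import base64
import json
import time

# Mirrors the assumed kube-apiserver OIDC flags (hypothetical values).
OIDC_CONFIG = {
    "issuer_url": "https://dex.example.com",   # --oidc-issuer-url
    "client_id": "kubernetes",                 # --oidc-client-id
    "username_claim": "email",                 # --oidc-username-claim
    "username_prefix": "",                     # --oidc-username-prefix ("" = default rule)
    "groups_claim": "groups",                  # --oidc-groups-claim
    "groups_prefix": "",                       # --oidc-groups-prefix
}

# Python form of a constructed ClusterRoleBinding manifest granting the built-in "view" role.
READONLY_BINDING = {
    "roleRef": {"kind": "ClusterRole", "name": "view"},
    "subjects": [
        {"kind": "Group", "name": "gitlab-developers"},
        {"kind": "User", "name": "alice@example.com"},
    ],
}

# Constructed claims in the shape Dex issues after a GitLab-backed login.
DEMO_CLAIMS = {
    "iss": "https://dex.example.com",
    "aud": "kubernetes",
    "exp": 4102444800,                 # 2100-01-01, so the demo token never expires
    "email": "alice@example.com",
    "email_verified": True,
    "preferred_username": "alice",     # assumed: GitLab username forwarded by Dex
    "groups": ["gitlab-developers"],
}


def b64url_decode(segment: str) -> bytes:
    """JWT segments are base64url without padding; restore the padding first."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def make_demo_token(claims: dict) -> str:
    """Build an unsigned token for offline inspection only (never accept such a token)."""
    enc = lambda d: base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none', 'typ': 'JWT'})}.{enc(claims)}.signature-placeholder"


def decode_claims(token: str) -> dict:
    """Return the payload of a JWT without verifying it (what `kubectl` users do to inspect)."""
    _header, payload, _signature = token.split(".")
    return json.loads(b64url_decode(payload))


def validate_claims(claims: dict, cfg: dict, now=None) -> list:
    """Return the problems the API server would reject the token for (empty list = ok)."""
    now = time.time() if now is None else now
    problems = []
    if claims.get("iss") != cfg["issuer_url"]:
        problems.append("issuer mismatch")
    aud = claims.get("aud")
    if cfg["client_id"] not in (aud if isinstance(aud, list) else [aud]):
        problems.append("audience mismatch")
    if claims.get("exp", 0) <= now:
        problems.append("token expired")
    return problems


def kube_subject(claims: dict, cfg: dict):
    """Map claims to the (username, groups) pair that RBAC sees."""
    prefix = cfg["username_prefix"]
    # Documented kube-apiserver default: with no prefix set and a username claim other
    # than "email", the username is prefixed with "<issuer-url>#"; "-" disables prefixing.
    if prefix == "" and cfg["username_claim"] != "email":
        prefix = cfg["issuer_url"] + "#"
    if prefix == "-":
        prefix = ""
    username = prefix + claims[cfg["username_claim"]]
    groups = [cfg["groups_prefix"] + g for g in claims.get(cfg["groups_claim"], [])]
    return username, groups


def binding_grants(binding: dict, username: str, groups: list) -> bool:
    """True if the binding lists the user directly or one of the user's groups."""
    for subject in binding["subjects"]:
        if subject["kind"] == "User" and subject["name"] == username:
            return True
        if subject["kind"] == "Group" and subject["name"] in groups:
            return True
    return False


def authorize_token(token: str, cfg: dict, binding: dict, now=None) -> dict:
    """Decode, validate and map a token, then report whether the binding applies."""
    claims = decode_claims(token)
    problems = validate_claims(claims, cfg, now)
    if problems:
        return {"username": None, "groups": [], "problems": problems, "granted": False}
    username, groups = kube_subject(claims, cfg)
    return {"username": username, "groups": groups, "problems": [],
            "granted": binding_grants(binding, username, groups)}


if __name__ == "__main__":
    token = make_demo_token(DEMO_CLAIMS)
    print(json.dumps(decode_claims(token), indent=2))
    print(authorize_token(token, OIDC_CONFIG, READONLY_BINDING))
```

Switching `username_claim` from `email` to `preferred_username` is the "GitLab username" idea from the session: the mapped subject then becomes `https://dex.example.com#alice` unless an explicit `--oidc-username-prefix` such as `gitlab:` is set, so the `subjects` of every ClusterRoleBinding have to be written with that exact prefix or they silently stop matching. Choosing a prefix is also what keeps an OIDC user like `alice` from colliding with a built-in or certificate-based user of the same name.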
In the future, we’ll explore more Kubernetes topics:
- Multi-tenancy with kiosk.
- CI/CD, IaC and GitOps
- Hetzner storage volumes
- Monitoring with Prometheus, GitLab CI/CD deployments and much more :)
Insights
Recording
Enjoy the session! 🦊
Written by: Michael Friedrich