Everyone is welcome, everyone can contribute, everyone is unique and these are your strengths too!

21. #everyonecancontribute cafe: Secure Kubernetes with OpenID and Kiosk


Highlights

We are learning how to deploy and secure Kubernetes into Hetzner cloud in this series:

In this session, we configure OpenID with Dex to use GitLab as Identity Provider in a Kubernetes cluster with Niclas Mietz.

  • Install Dex
  • GitLab as OpenID Identity Provider
  • Connecting Dex with the Kubernetes API server
  • Apply the changes with Ansible. MR.
  • Log into Kubernetes with kubectl, browser opens asking which IdP to use. Login.
  • Authentication with Dex, Authorization with ClusterBindingRoles
  • Inspect the JWT token and decode the details, e.g. the issuer. Idea: Get the GitLab username from the IdP shared information to grant fine granular access.

In the future, we’ll explore more Kubernetes topics:

  • Multi-tenancy with kiosk.
  • CI/CD, IaC and GitOps
  • Hetzner storage volumes
  • Monitoring with Prometheus, GitLab CI/CD deployments and much more :)

Insights

Recording

Enjoy the session! 🦊


Date published: March 17, 2021

Tags: Gitlab, Hetzner, Cloud, Terraform, Ansible, Kubernetes, Security, Dex, Kiosk, Openid