Single Sign-On for Kubernetes
Talk Title | Single Sign-On for Kubernetes |
Speakers | Joel Speed (Cloud Infrastructure Engineer, Pusher) |
Conference | KubeCon + CloudNativeCon North America |
Location | Seattle, WA, USA |
Date | Dec 9-14, 2018 |
User management is hard. At Pusher, with an expanding engineering team, we wanted to build a simple identity management experience within our Kubernetes infrastructure. In this talk, I explore authentication options and demonstrate how Single Sign-On works within our Kubernetes clusters. Kubernetes supports a Single Sign-On protocol called OpenID Connect (OIDC). I’ll take a deep dive into how OIDC authentication flows work before showing how we created a simple log-in experience for our developers with features such as short-lived tokens, automatic refreshing, group management and a unified identity between the command line (kubectl) and the browser (Kubernetes Dashboard).