Kubernetes and OIDC


#1

OIDC has been a bit of a topic lately and I figured it’d be worth it to start a discussion on the subject. :)

It was featured on this week’s TGIK – Going over OIDC/OAuth2 in general along with hooking Kubernetes into GitHub for auth via CoreOS’s Dex and Heptio’s Gangway.


TGIK Episode 39 Notes

and if you don’t mind a little bit of self-promotion – I posted a tutorial on the same subject, but using Red Hat’s Keycloak.

Topic Starter

To kick things off, I’d love to know what OIDC provider folks are using along with what Identity backend. e.g.

  • Dex + GitHub?
  • Dex + Google?
  • Keycloak + AD/LDAP?
  • Azure, Google, etc. directly?

If any, what pain points have you had?

Office Hours

Additionally, if you’re having any problems or would prefer to toss out a question live – myself and some of the other volunteers on next week’s Office Hours (June 20th) should be available to answer questions :) Just hop in the #office-hours Slack channel and ask away!


#2

Kuberos + Dex + LDAP = great! The hardest part is figuring out Dex :)


#3

Going by the kubeconfig used to connect, IBM’s hosted Kubernetes service uses an oidc auth-provider. Not sure of the details of what’s in the backend, but the IBM Cloud CLI is obviously doing the authentication and token stuff out of band of kubectl.