{"id":23465770,"url":"https://github.com/natrontech/kubeidentity","last_synced_at":"2025-10-31T00:30:51.293Z","repository":{"id":46170956,"uuid":"515140208","full_name":"natrontech/kubeidentity","owner":"natrontech","description":"KubeIdentity allowes you to create and manage Kubernetes Service Accounts with RBAC based on the OAuth GitHub Team membership.","archived":false,"fork":false,"pushed_at":"2022-09-22T13:44:21.000Z","size":7028,"stargazers_count":2,"open_issues_count":2,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2025-01-10T16:44:45.151Z","etag":null,"topics":["kubernetes","permissions"],"latest_commit_sha":null,"homepage":"","language":"TypeScript","has_issues":false,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/natrontech.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":"CODEOWNERS","security":"SECURITY.md","support":null}},"created_at":"2022-07-18T10:38:54.000Z","updated_at":"2024-08-25T09:32:25.000Z","dependencies_parsed_at":"2023-01-18T18:34:33.267Z","dependency_job_id":null,"html_url":"https://github.com/natrontech/kubeidentity","commit_stats":null,"previous_names":["natrongmbh/kubeperm"],"tags_count":12,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/natrontech%2Fkubeidentity","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/natrontech%2Fkubeidentity/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/natrontech%2Fkubeidentity/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/natrontech%2Fkubeidentity/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/natrontech","download_url":"https://codeload.github.com/natrontech/kubeidentity/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":239081721,"owners_count":19578353,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["kubernetes","permissions"],"created_at":"2024-12-24T11:36:44.525Z","updated_at":"2025-10-31T00:30:50.567Z","avatar_url":"https://github.com/natrontech.png","language":"TypeScript","funding_links":["https://github.com/sponsors/janlauber"],"categories":[],"sub_categories":[],"readme":"\u003cp align=\"center\"\u003e\n    \u003ca href=\"https://natron.io/\"\u003e\n        \u003cimg height=\"120px\" src=\"assets/kubeidentity_logo_color.png\" /\u003e\n    \u003c/a\u003e\n    \u003ch1 align=\"center\"\u003e\n        KubeIdentity\n    \u003c/h1\u003e\n\u003c/p\u003e\n\n\u003cp align=\"center\"\u003e\n  \u003cstrong\u003e\n    A \u003cbr /\u003e\n    \u003ca href=\"https://github.com/natrongmbh/kubeidentity\"\u003eOAuth Connector\u003c/a\u003e\n    \u003cbr /\u003e\n    for handling GitHub OAuth in your Kubernets cluster.\n  \u003c/strong\u003e\n\u003c/p\u003e\n\n\u003cp align=\"center\"\u003e\n  \u003ca href=\"https://github.com/natrongmbh/kubeidentity/issues\"\u003e\u003cimg\n    src=\"https://img.shields.io/github/issues/natrongmbh/kubeidentity\"\n    alt=\"Build\"\n  /\u003e\u003c/a\u003e\n  \u003ca href=\"https://github.com/sponsors/janlauber\"\u003e\u003cimg\n    src=\"https://img.shields.io/github/sponsors/janlauber\" \n    alt=\"Sponsors\"\n  /\u003e\u003c/a\u003e\n  \u003ca href=\"https://github.com/natrongmbh/kubeidentity\"\u003e\u003cimg \n    src=\"https://img.shields.io/github/license/natrongmbh/kubeidentity\" \n    alt=\"License\"\n  /\u003e\u003c/a\u003e\n  \u003ca href=\"https://www.codefactor.io/repository/github/natrongmbh/kubeidentity\"\u003e\u003cimg \n    src=\"https://www.codefactor.io/repository/github/natrongmbh/kubeidentity/badge\" \n    alt=\"CodeFactor\" \n  /\u003e\u003c/a\u003e\n\u003c/p\u003e\n\n\u003cp align=\"center\"\u003e\n  KubeIdentity allowes you to create and manage Kubernetes Service Accounts with RBAC based on the OAuth GitHub Team membership.\n\u003c/p\u003e\n\n\u003cp align=\"center\"\u003e\n  \u003cem\u003e\n    Check out the company behind KubeIdentity – \n    \u003ca\n      href=\"https://natron.io/\"\n    \u003ehttps://natron.io\u003c/a\u003e\n  \u003c/em\u003e\n\u003c/p\u003e\n\n\u003ch2\u003e\u003c/h2\u003e\n\u003cp\u003e\u0026nbsp;\u003c/p\u003e\n\n## Everything you would expect\n\n### It's a simple web app\n\nYou can deploy it inside your Kubernetes cluster.  \nMake sure to create a Github OAuth client in your GitHub organization.  \nIt will be used to authenticate your users.  \nThe web app will then show you the list of teams you are a member of.  \nWhen you sign in, it will automatically create a Service Account (default namespace: kubeidentity) for you.\nAnd it will create RBAC rules for you (default cluster role binding: edit).\nAfter that, you can copy the Token or download the Kubeconfig file.\n\n### It's free\n\nEverything is free.  \nIf you want to support us, you can buy us a beer with a Github Sponsorship or contribute some code.\n\n### Open Source\n\nTrust me, I'm open source.  \nYou can find the source code on [Github](https://github.com/natrongmbh/kubeidentity).  \nThe frontend is written in Next.js and the backend in GoLang.  \nLicense: Apache 2.0\n\n\u003ch2\u003e\u003c/h2\u003e\n\u003cp\u003e\u0026nbsp;\u003c/p\u003e\n\n## Setup\n\nYou can deploy KubeIdentity in your Kubernetes cluster, but you have to set all the env variables.\n\n- [kubernetes-example](/kubernetes/)\n\n\n### Environment Variables\n\n#### Frontend\n\n- `ENV_GITHUB_CLIENT_ID` (required): Set the GitHub client ID.\n- `ENV_GITHUB_REDIRECT_URI` (required): Set the GitHub redirect URI. (e.g. `https://\u003curl-from-frontend\u003e`)\n- `ENV_GITHUB_OAUTH_URI` (required): Set the GitHub OAuth URI. (e.g. `https://\u003curl-from-backend\u003e/api/auth/github`)\n\n#### Backend\n\n- `CORS` (optional): Set CORS headers for the API.  \n  Default: `*`\n- `JWT_SECRET_KEY` (optional): Set the JWT secret key.  \n  Default: random string of 32 characters.\n- `GITHUB_CALLBACK_URL` (optional): Set the callback URL for the GitHub OAuth.  \n  Default: `http://localhost:8000/auth/github/callback`\n- `GITHUB_CLIENT_ID` (required): Set the GitHub client ID.\n- `GITHUB_CLIENT_SECRET` (required): Set the GitHub client secret.\n- `GITHUB_ORGANIZATION` (required): Set the GitHub organization.\n- `KUBEIDENTITY_NAMESPACE` (optional): Set the Kubernetes namespace, where the Service Accounts will be created. (it will be created if it doesn't exist)  \n  Default: `kubeidentity`\n- `DEFAULT_CLUSTER_ROLE` (optional): Set the default cluster role which gets assigned to every ServiceAccount.  \n  Default: `edit`","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnatrontech%2Fkubeidentity","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fnatrontech%2Fkubeidentity","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnatrontech%2Fkubeidentity/lists"}