https://github.com/natrontech/kubeidentity

KubeIdentity allowes you to create and manage Kubernetes Service Accounts with RBAC based on the OAuth GitHub Team membership.
https://github.com/natrontech/kubeidentity

kubernetes permissions

Last synced: 30 days ago
JSON representation

KubeIdentity allowes you to create and manage Kubernetes Service Accounts with RBAC based on the OAuth GitHub Team membership.

• Host: GitHub
• URL: https://github.com/natrontech/kubeidentity
• Owner: natrontech
• License: apache-2.0
• Created: 2022-07-18T10:38:54.000Z (over 2 years ago)
• Default Branch: main
• Last Pushed: 2022-09-22T13:44:21.000Z (over 2 years ago)
• Last Synced: 2024-04-28T05:47:04.716Z (9 months ago)
• Topics: kubernetes, permissions
• Language: TypeScript
• Homepage:
• Size: 6.7 MB
• Stars: 2
• Watchers: 0
• Forks: 0
• Open Issues: 2
• Metadata Files:
  • Readme: README.md
  • License: LICENSE
  • Codeowners: CODEOWNERS
  • Security: SECURITY.md

Awesome Lists containing this project

README

        


    

        

    

    


        KubeIdentity

    




  

    A 


    OAuth Connector

    


    for handling GitHub OAuth in your Kubernets cluster.

  





  

  

  

  





  KubeIdentity allowes you to create and manage Kubernetes Service Accounts with RBAC based on the OAuth GitHub Team membership.





  

    Check out the company behind KubeIdentity – 

    https://natron.io

  





 


## Everything you would expect

### It's a simple web app

You can deploy it inside your Kubernetes cluster.  

Make sure to create a Github OAuth client in your GitHub organization.  

It will be used to authenticate your users.  

The web app will then show you the list of teams you are a member of.  

When you sign in, it will automatically create a Service Account (default namespace: kubeidentity) for you.

And it will create RBAC rules for you (default cluster role binding: edit).

After that, you can copy the Token or download the Kubeconfig file.

### It's free

Everything is free.  

If you want to support us, you can buy us a beer with a Github Sponsorship or contribute some code.

### Open Source

Trust me, I'm open source.  

You can find the source code on [Github](https://github.com/natrongmbh/kubeidentity).  

The frontend is written in Next.js and the backend in GoLang.  

License: Apache 2.0



 


## Setup

You can deploy KubeIdentity in your Kubernetes cluster, but you have to set all the env variables.

- [kubernetes-example](/kubernetes/)

### Environment Variables

#### Frontend

- `ENV_GITHUB_CLIENT_ID` (required): Set the GitHub client ID.

- `ENV_GITHUB_REDIRECT_URI` (required): Set the GitHub redirect URI. (e.g. `https://`)

- `ENV_GITHUB_OAUTH_URI` (required): Set the GitHub OAuth URI. (e.g. `https:///api/auth/github`)

#### Backend

- `CORS` (optional): Set CORS headers for the API.  

  Default: `*`

- `JWT_SECRET_KEY` (optional): Set the JWT secret key.  

  Default: random string of 32 characters.

- `GITHUB_CALLBACK_URL` (optional): Set the callback URL for the GitHub OAuth.  

  Default: `http://localhost:8000/auth/github/callback`

- `GITHUB_CLIENT_ID` (required): Set the GitHub client ID.

- `GITHUB_CLIENT_SECRET` (required): Set the GitHub client secret.

- `GITHUB_ORGANIZATION` (required): Set the GitHub organization.

- `KUBEIDENTITY_NAMESPACE` (optional): Set the Kubernetes namespace, where the Service Accounts will be created. (it will be created if it doesn't exist)  

  Default: `kubeidentity`

- `DEFAULT_CLUSTER_ROLE` (optional): Set the default cluster role which gets assigned to every ServiceAccount.  

  Default: `edit`