https://github.com/rwxrob/klogin

Customizable kubectl login plugin template.
https://github.com/rwxrob/klogin

Last synced: 10 months ago
JSON representation

Customizable kubectl login plugin template.

• Host: GitHub
• URL: https://github.com/rwxrob/klogin
• Owner: rwxrob
• License: other
• Created: 2023-06-20T20:03:45.000Z (over 2 years ago)
• Default Branch: main
• Last Pushed: 2023-09-08T20:09:08.000Z (over 2 years ago)
• Last Synced: 2024-10-11T01:38:23.723Z (over 1 year ago)
• Language: Go
• Size: 57.6 KB
• Stars: 5
• Watchers: 2
• Forks: 0
• Open Issues: 2
• Metadata Files:
  • Readme: README.md
  • License: LICENSE

Awesome Lists containing this project

README

          
# Kubernetes `klogin` command

* Authenticate using OIDC Resource Owner Password Flow (usually backed by LDAP).

* Hard-coded cluster authentication info (`internal/clusters`).

* Assumes host already trusts OIDC issuer URL (TLS certificate).

* Always sets `certificate-authority-data` per cluster.

## Differences from previous versions

* Uses TLS certificate validation for all OIDC queries preventing potential man

  in the middle attacks (instead of `insecure-skip-tls-verify` which so many do

  by default).

* Corrects a problem preventing Kubernetes dashboard from working with `kubectl

  proxy` in previous versions.

* Allows easily changing between different user names for a given cluster.

* Respects existing configurations (other than those reserved in

  `internal/clusters`) including the Namespace of any context.

* Uses simplified 24-hour OIDC JWT (`id_token`) authentication and cleans up

  old authentication data from configuration file(s) for reserved

  cluster/contexts.

* Adds tab completion support for more shells than just bash (zsh, fish, and

  PowerShell).

* Uses (only) official and industry-standard Kubernetes packages:

    * `k8s.io/cli-runtime`

    * `k8s.io/client-go`

    * `github.com/coreos/go-oidc/v3/oidc`

    * `github.com/spf13/cobra`

* Observes and respects use of multi-file list path values in KUBECONFIG

  environment variable (same as kubectl).

* Contains zero `execs` of the `kubectl config` program other than to display contexts.

## Legal

Released under Apache 2.0.

## Related

* Resource Owner Password Flow with OIDC  

  

* OAuth 2.0 and OpenID Connect Overview \| Okta Developer