This repo contains the things needed to set up Auth0 as the authentication/authorization backend for Kubernetes, using OpenID Connect.
After following this repo you should be able to:
- Use the Kubernetes Dashboard with authentication pass-thru
- Authenticate to kubectl using id tokens
- Kubernetes supports auto-updating creds using refresh tokens, but I haven't gotten that to work yet. This means that you'll have to update the token in your
kubeconfigfile when your current token expires in order forkubectlto keep working - Proper logout/session handling isn't implemented
- This documentation includes a full Kubernetes deployment using Kubelini, so all you need are two ubuntu 16.04 vms which you can access using ssh. The two vms need to be able to reach each other (so essentially on the same network).
- You need an active auth0 subscription, a free one is more than enough. You also need a user in auth0, for example by activating the Google integration, and using your gmail user. Or something.
- If you deploy your Kubernetes cluster using Kubelini, you need access to an S3 bucket.
1. Make the Auth0
2. Make the Kubernetes
3. Deploy kubernetes-dashboard and the mod_oidc proxy
4. Test OpenID Connect tokens with kubectl