From a7373c24433e14bc0a0f6fdd70c2ff5aa46c74b5 Mon Sep 17 00:00:00 2001 From: David Young Date: Fri, 3 Nov 2023 23:21:06 +1300 Subject: [PATCH] Add blog post on addition of Kubernetes OIDC auth Signed-off-by: David Young --- ...d-kubernetes-design-with-oidc-authentik.md | 33 +++++++++++++++++++ 1 file changed, 33 insertions(+) create mode 100644 docs/blog/posts/changelog/updatetd-kubernetes-design-with-oidc-authentik.md diff --git a/docs/blog/posts/changelog/updatetd-kubernetes-design-with-oidc-authentik.md b/docs/blog/posts/changelog/updatetd-kubernetes-design-with-oidc-authentik.md new file mode 100644 index 0000000..bfe4e6c --- /dev/null +++ b/docs/blog/posts/changelog/updatetd-kubernetes-design-with-oidc-authentik.md @@ -0,0 +1,33 @@ +--- +date: 2023-11-03 +categories: + - CHANGELOG +tags: + - authentik + - kubernetes +links: + - OIDC Authentication: kubernetes/oidc-authentication/index.md + - K3s OIDC with authentic: kubernetes/oidc-authentication/k3s-authentik.md + - EKS OIDC with authentic: kubernetes/oidc-authentication/eks-authentik.md +description: Using authentic to provide OIDC auth to a Kubernetes cluster +title: Authentic-ate yourself to your Kubernetes cluster +--- + +# Authentic-ate yourself to your Kubernetes cluster + +Following up on our recent [authentik][k8s/authentik] recipe, I've updated our Kubernetes "Essentials" section to include cluster OIDC authentication, provided by authentik (among others). + + + +## Why bother with OIDC cluster authentication? + +Consider the following downsides to a single, static, long-lived credential: + +1. It can get stolen +2. It can't be shared (*you might want to give your team access to the cluster, or even a limited subset of admin access*) +3. It can't be MFA'd +4. Using it for the Kubernetes Dashboard (*copying and pasting a token into a browser window*) is a huge PITA + +For the multi-step process to address all of this, see our [Kubernetes OIDC Authentication guide](/kubernetes/oidc-authentication/)! + +--8<-- "common-links.md" \ No newline at end of file