geek-cookbook/docs/blog/posts/changelog/updatetd-kubernetes-design-with-oidc-authentik.md at a7373c24433e14bc0a0f6fdd70c2ff5aa46c74b5

mirror of https://github.com/funkypenguin/geek-cookbook/ synced 2025-12-12 17:26:19 +00:00

Files

David Young a7373c2443 Add blog post on addition of Kubernetes OIDC auth

Signed-off-by: David Young <davidy@funkypenguin.co.nz>

2023-11-03 23:21:06 +13:00

1.2 KiB

Raw Blame History

date, categories, tags, links, description, title

date

tags

links

description

title

2023-11-03

CHANGELOG

authentik

kubernetes

OIDC Authentication
kubernetes/oidc-authentication/index.md

K3s OIDC with authentic
kubernetes/oidc-authentication/k3s-authentik.md

EKS OIDC with authentic
kubernetes/oidc-authentication/eks-authentik.md

Using authentic to provide OIDC auth to a Kubernetes cluster

Authentic-ate yourself to your Kubernetes cluster

Following up on our recent [authentik][k8s/authentik] recipe, I've updated our Kubernetes "Essentials" section to include cluster OIDC authentication, provided by authentik (among others).

Why bother with OIDC cluster authentication?

Consider the following downsides to a single, static, long-lived credential:

It can get stolen
It can't be shared (you might want to give your team access to the cluster, or even a limited subset of admin access)
It can't be MFA'd
Using it for the Kubernetes Dashboard (copying and pasting a token into a browser window) is a huge PITA

For the multi-step process to address all of this, see our Kubernetes OIDC Authentication guide!

--8<-- "common-links.md"

1.2 KiB Raw Blame History

Authentic-ate yourself to your Kubernetes cluster

Why bother with OIDC cluster authentication?

1.2 KiB

Raw Blame History