GitHub Authentication for Kubernetes — a Step-by-Step Guide

What Is SSO for Kubernetes?

SSO for Kubernetes is the integration of single sign-on (SSO) into your Kubernetes cluster. It lets developers authenticate with their credentials from the authorized identity providers that you have configured in your cluster.

Implementing GitHub SSO for Kubernetes

You’re going to implement GitHub SSO in a Kubernetes cluster. For this tutorial, you will set up the cluster using minikube. Check the documentation to see how to set up minikube on your computer. You’ll also need a GitHub account. If you don’t have one, go ahead and create one.

Configuring Loft in Your Cluster

Open your terminal and start a cluster using minikube:

minikube start

# Mac terminal
curl -s -L "https://github.com/loft-sh/loft/releases/latest" | sed -nE 's!.*"([^"]*loft-darwin-amd64)".*!https://github.com\1!p' | xargs -n 1 curl -L -o loft && chmod +x loft;
sudo mv loft /usr/local/bin;

# Linux Bash
curl -s -L "https://github.com/loft-sh/loft/releases/latest" | sed -nE 's!.*"([^"]*loft-linux-amd64)".*!https://github.com\1!p' | xargs -n 1 curl -L -o loft && chmod +x loft;
sudo mv loft /usr/local/bin;

# Windows PowerShell
md -Force "$Env:APPDATA\loft"; [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.SecurityProtocolType]'Tls,Tls11,Tls12';
Invoke-WebRequest -UseBasicParsing ((Invoke-WebRequest -URI "https://github.com/loft-sh/loft/releases/latest" -UseBasicParsing).Content -replace "(?ms).*`"([^`"]*loft-windows-amd64.exe)`".*","https://github.com/`$1") -o $Env:APPDATA\loft\loft.exe;
$env:Path += ";" + $Env:APPDATA + "\loft";
[Environment]::SetEnvironmentVariable("Path", $env:Path, [System.EnvironmentVariableTarget]::User);
# Ensure you add the folder %APPDATA%\loft to the PATH environment variable after installation, then reboot your computer afterward.

loft start
loft reset password
loft login https://localhost:9898 --insecure

The --insecure flag makes the CLI accept the local instance's untrusted TLS certificate; keep it to local test setups like this minikube cluster.
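
An added example, not part of the original article or of Loft's installer: the install commands above move a freshly downloaded binary onto PATH without checking it, so this shell code compares the file against a pinned SHA-256 digest first. The function names and the destination layout are assumptions, and the expected digest must come from a source you trust, since this page lists none.

```shell
#!/bin/sh
# Added example: verify a downloaded CLI binary against a pinned SHA-256
# digest before it is copied into a directory on PATH.
# Function names are hypothetical; the digest is supplied by the operator.

# sha256_of FILE: print the lowercase hex SHA-256 of FILE.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'      # Linux (coreutils)
    else
        shasum -a 256 "$1" | awk '{print $1}'  # macOS
    fi
}

# verify_digest FILE EXPECTED
# Returns 0 on match, 1 on mismatch, 2 on a malformed digest, 3 if the
# file cannot be read.
verify_digest() {
    file=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    # An empty or truncated digest must never count as a match.
    case $expected in
        *[!0-9a-f]*) return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || return 2
    [ -f "$file" ] || return 3
    actual=$(sha256_of "$file") || return 3
    [ "$actual" = "$expected" ]
}

# install_verified FILE EXPECTED DEST_DIR
# Copies FILE to DEST_DIR/loft with mode 0755 only after verification.
install_verified() {
    if verify_digest "$1" "$2"; then
        install -m 0755 "$1" "$3/loft"
    else
        echo "digest check failed for $1; not installing" >&2
        return 1
    fi
}

# Usage, with a placeholder digest:
#   curl -L -o loft-download "$RELEASE_URL"
#   install_verified loft-download "<PINNED_SHA256>" /usr/local/bin
```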

Configuring GitHub with Loft

Create a new OAuth app with the following information:

auth:
  github:
    clientId: $CLIENTID
    clientSecret: $CLIENTSECRET
    redirectURI: $CALLBACK_URL

loft start
loft login https://localhost:9898 --insecure

Impersonating a Developer

Now, pretend you’re a developer who wants to access your company’s Kubernetes cluster using your GitHub account.

Granting Developers Access to a Cluster

Once a developer authenticates via GitHub SSO, you will have to assign the developer to the cluster. To do this, log in to your Loft dashboard using your admin credentials. Go to the Users page; the developer you impersonated via SSO is now present:

loft use cluster [NAME_OF_CLUSTER]

Conclusion

Integrating SSO in your Kubernetes cluster can improve the workflow for all users of the clusters, including developers and administrators. The administrators don’t need to do as much work configuring developers for authentication to the cluster they manage, and developers can use the same authentication credentials they use with their other work apps to authenticate into their company’s cluster. Integrating Loft with GitHub SSO helps you improve the developer experience (DX) of your cluster.

Loft Labs
