©2018 Wantedly, Inc. GitHub Team Based Access Control Kubernetes ʹ͓͚Δ࠷ߴͷೝূϑϩʔΛຊؾͰߟ͑௚ͯ͠Έͨ Kubernetes Meetup Tokyo #11 17.May.2018 - Shimpei Otsubo - @potsbo

©2018 Wantedly, Inc. Wantedly ͷ ։ൃࣄ৘ GitHub ΊͬͪΌ࢖͏ ΞϓϦΤϯδχΞLVCFDUMΊͬͪΌ࢖͏ ΊͬͪΌࣗಈԽ͢Δ ˞؆ུ൛XSBQQFS ऑ͍ݖݶ΋΄͍͠ʜ ࣾ಺શһ(JU)VC 5FBNຖʹݖݶΛ੍ݶ

©2018 Wantedly, Inc. ୡ੒͍ͨ͜͠ͱ͕͋Δ GitHub ͷࣾ಺ϑϩʔʹ৐Γ͍ͨʂʂ ؾܰʹΞΫηεݖΛ෇༩͍ͨ͠ʂʂ $*ʹ͸࠷௿ݶͷݖݶΛ෇༩͍ͨ͠ʂʂ ݱঢ়͸"MMPS/PUIJOHͳͷͰΠϯλʔϯ͕೉͍͠ʜ ʮʙͷݖݶΛ͍ͩ͘͞ʯΛ)3ʹ೚͍ͤͨ

©2018 Wantedly, Inc. G enmon ݳ໳ ͍ΖΜͳνʔϜʹ ͍ΖΜͳݖݶΛ NEW!! GitHub ͷࣾ಺ϑϩʔΛLTͰ΋࢖͏(JU)VC5PLFOΛ౤͛Δ͚ͩ ؾܰʹ෇༩Ͱ͖ΔΑ͏ʹ by wantedly G Token Token Token Teams Groups RBAC!! Results genmon TokenReview

©2018 Wantedly, Inc. %BFNPO4FUͰ֤NBTUFSʹHFONPO͕ଘࡏ 8FCIPPL"VUIFOUJDBUJPOͰHFONPO΁ 5FBN(SPVQͱͯ͠ѻ͍3#"$ Architecture https://github.com/appscode/guard https://github.com/oursky/kubernetes-github-authn ࢀߟ࣮૷ https://kubernetes.io/docs/admin/authentication/#webhook-token-authentication Role Based Access Control G Token Token Token Teams Groups RBAC!! Results genmon TokenReview

©2018 Wantedly, Inc. Examples deploybot deployer deployment-patcher potsbo intern-short view user Team Role potsbo infrastructure cluster-admin ඞཁ࠷௿ݶͷݖݶͷΈΛ෇༩

©2018 Wantedly, Inc. ࣾ಺ͷ GitHub ͷطଘϑϩʔʹ৐ͬͨ·· LVCFDUMͰ(JU)VC5PLFOΛૹΔ͚ͩͰ 3#"$Ͱ୭ʹͰ΋ඞཁे෼ͳݖݶΛ෇༩ ΠϯλʔϯͰ΋ $PSQPSBUF͕ߦ͍ͬͯΔ(JU)VCͷઃఆ͕ͦͷ··࢖͑Δ ,VCFSOFUFTʹ͓͚Δ࠷ߴͷೝূϑϩʔΛຊؾͰߟ͑௚ͯ͠Έͨ݁Ռ