Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
GitHub as an Authenticator
Search
Shimpei Otsubo
June 12, 2018
Technology
3
680
GitHub as an Authenticator
Shimpei Otsubo
June 12, 2018
Tweet
Share
More Decks by Shimpei Otsubo
See All by Shimpei Otsubo
Copy Kubernetes Clusters Really Fast
potsbo
3
4.4k
Go と Wantedly の関係 / How Wantedly uses Go
potsbo
1
840
Deploy Flow at Wantedly
potsbo
2
940
Wrap every method with just one line
potsbo
1
4.7k
Zero yen Keyboard
potsbo
6
3.2k
Kube - The core tool at Wantedly
potsbo
1
7.8k
k8s - Kubernetes 8 Factors
potsbo
12
11k
コンテンツ作成に集中するためのプレゼンテーション Tips / Presentation with Confidence
potsbo
7
41k
ConfigMap vs Secret #k8sjp
potsbo
1
1.4k
Other Decks in Technology
See All in Technology
Autonomous Database - Dedicated 技術詳細 / adb-d_technical_detail_jp
oracle4engineer
PRO
4
10k
Webブラウザ向け動画配信プレイヤーの 大規模リプレイスから得た知見と学び
yud0uhu
0
230
【NoMapsTECH 2025】AI Edge Computing Workshop
akit37
0
190
品質視点から考える組織デザイン/Organizational Design from Quality
mii3king
0
200
テストを軸にした生き残り術
kworkdev
PRO
0
210
今!ソフトウェアエンジニアがハードウェアに手を出すには
mackee
12
4.8k
【実演版】カンファレンス登壇者・スタッフにこそ知ってほしいマイクの使い方 / 大吉祥寺.pm 2025
arthur1
1
870
react-callを使ってダイヤログをいろんなとこで再利用しよう!
shinaps
1
240
S3アクセス制御の設計ポイント
tommy0124
3
200
AIエージェント開発用SDKとローカルLLMをLINE Botと組み合わせてみた / LINEを使ったLT大会 #14
you
PRO
0
120
なぜテストマネージャの視点が 必要なのか? 〜 一歩先へ進むために 〜
moritamasami
0
220
AI時代を生き抜くエンジニアキャリアの築き方 (AI-Native 時代、エンジニアという道は 「最大の挑戦の場」となる) / Building an Engineering Career to Thrive in the Age of AI (In the AI-Native Era, the Path of Engineering Becomes the Ultimate Arena of Challenge)
jeongjaesoon
0
160
Featured
See All Featured
How STYLIGHT went responsive
nonsquared
100
5.8k
Building an army of robots
kneath
306
46k
Writing Fast Ruby
sferik
628
62k
Being A Developer After 40
akosma
90
590k
Java REST API Framework Comparison - PWX 2021
mraible
33
8.8k
Become a Pro
speakerdeck
PRO
29
5.5k
4 Signs Your Business is Dying
shpigford
184
22k
What's in a price? How to price your products and services
michaelherold
246
12k
Code Review Best Practice
trishagee
70
19k
How to Ace a Technical Interview
jacobian
279
23k
The Web Performance Landscape in 2024 [PerfNow 2024]
tammyeverts
9
810
Product Roadmaps are Hard
iamctodd
PRO
54
11k
Transcript
©2018 Wantedly, Inc. GitHub as an Authenticator શ෦ GitHub Ͱཧͯ͠ΈΔ
GitHub Satellite Tokyo LT 12.Jun.2018 - Shimpei Otsubo - @potsbo
©2018 Wantedly, Inc. ࣾһ໊Ͳ͏ͯ͠·͔͢ʁ ݖݶཧͲ͏ͯ͠·͔͢ʁ ใڞ༗Ͳ͏ͯ͠·͔͢ʁ
©2018 Wantedly, Inc. શ෦GitHub ࣾһ໊Ͳ͏ͯ͠·͔͢ʁ ݖݶཧͲ͏ͯ͠·͔͢ʁ ใڞ༗Ͳ͏ͯ͠·͔͢ʁ
©2018 Wantedly, Inc. GitHub ๏ ࣾͳΜͰ(JU)VC (JU)VCΛͬͯ๏ίϛϡχέʔγϣϯͷεϐʔυΛഒʹͨ͠ ใڞ༗͜͏ͯ͠·͢ IUUQTXXXXBOUFEMZDPNDPNQBOJFTXBOUFEMZQPTU@BSUJDMFT ʮJTTVFͭͬͨ͘ʁʯ
ίʔυϨϏϡʔهٞேձඪ݁Ռʜ ࣾશһ(JU)VC ೖࣾϑϩʔ(JU)VCΞΧϯτͷ࡞͔Β
©2018 Wantedly, Inc. ৫্ͷνʔϜͱ(JU)VCͷνʔϜ͕ରԠ infrastructure full-time-employee visit people short-term-intern long-term-intern
engineers ଐੑཧ ৫ߏ ruby … … ࣾһ໊͜͏ͯ͠·͢
©2018 Wantedly, Inc. (JU)VC5FBNΛϕʔεʹೝՄ )3ͷϑϩʔʹΔ͚ͩͰྑ͍ ݖݶͷ֎͠Ε͕ͳ͍ e.g. full-time-employee => ok
org ͔Β֎ͤࣗಈతʹશݖݶΛ revoke Ͱ͖Δ HR ͷೖୀࣾϑϩʔͰେମok ݖݶཧ͜͏ͯ͠·͢
©2018 Wantedly, Inc. ssh Results K public key ಛఆͷνʔϜͷਓ͚ͩTTIΛڐՄ͍ͨ͠ kenmon
ssh Production Results K enmon ݕ ಛఆteam ʹೖ͍ͬͯΔͱ production access ͷ ssh ΛڐՄ SSH Proxy with GitHub Private Keys by wantedly
©2018 Wantedly, Inc. એݴ͞Εͨ6TFSOBNFͷެ։伴ͰϩάΠϯ ಛఆͷ5FBNॴଐ͔Λ͔֬ΊΔ తͷ4FSWFSͷ44)ΛڐՄ ಛఆͷνʔϜͷਓ͚ͩTTIΛڐՄ͍ͨ͠
ssh Results K public key kenmon ssh Production Results
©2018 Wantedly, Inc. Team ͝ͱʹҟͳΔk8sͷૢ࡞ΛڐՄ͍ͨ͠ G Token Token Teams Groups
RBAC!! genmon TokenReview G enmon ݳ ֤ team ʹରͯ͠ దͳݖݶΛ༩ by wantedly Webhook token authenticator for Kubernetes Results Token
©2018 Wantedly, Inc. %BFNPO4FUͰ֤NBTUFSʹHFONPO͕ଘࡏ 8FCIPPL"VUIFOUJDBUJPOͰHFONPO 5FBN(SPVQͱͯ͠ѻ͍3#"$ https://github.com/appscode/guard
https://github.com/oursky/kubernetes-github-authn ࢀߟ࣮ https://kubernetes.io/docs/admin/authentication/#webhook-token-authentication Role Based Access Control Team ͝ͱʹҟͳΔk8sͷૢ࡞ΛڐՄ͍ͨ͠ G Token Token Teams Groups RBAC!! genmon TokenReview Results Token
©2018 Wantedly, Inc. K enmon ݕ ಛఆteam ʹೖ͍ͬͯΔͱ production access
ͷ ssh ΛڐՄ G enmon ݳ ֤ team ʹରͯ͠ దͳݖݶΛ༩ by wantedly SSH Proxy with GitHub Private Keys Webhook token authenticator for Kubernetes by wantedly
©2018 Wantedly, Inc. ࣾશһGitHubʹೖΕͪΌ͓͏ GitHubΛೝূαʔϏεͱ͓ͯ͠͏ ৫ߏͱTeamߏΛ߹ΘͤΑ͏ Summary