Upgrade to Pro — share decks privately, control downloads, hide ads and more …

GitHub as an Authenticator

Sponsored · Your Podcast. Everywhere. Effortlessly. Share. Educate. Inspire. Entertain. You do you. We'll handle the rest.
Avatar for Shimpei Otsubo Shimpei Otsubo
June 12, 2018
Technology
740
3

GitHub as an Authenticator

Avatar for Shimpei Otsubo

Shimpei Otsubo

June 12, 2018

More Decks by Shimpei Otsubo

See All by Shimpei Otsubo
Copy Kubernetes Clusters Really Fast
Avatar for Shimpei Otsubo potsbo
3
5.1k
Go と Wantedly の関係 / How Wantedly uses Go
Avatar for Shimpei Otsubo potsbo
1
890
Deploy Flow at Wantedly
Avatar for Shimpei Otsubo potsbo
2
1k
Wrap every method with just one line
Avatar for Shimpei Otsubo potsbo
1
5.5k
Zero yen Keyboard
Avatar for Shimpei Otsubo potsbo
6
3.3k
Kube - The core tool at Wantedly
Avatar for Shimpei Otsubo potsbo
1
8.2k
k8s - Kubernetes 8 Factors
Avatar for Shimpei Otsubo potsbo
12
11k
コンテンツ作成に集中するためのプレゼンテーション Tips / Presentation with Confidence
Avatar for Shimpei Otsubo potsbo
7
42k
ConfigMap vs Secret #k8sjp
Avatar for Shimpei Otsubo potsbo
1
1.4k

Other Decks in Technology

See All in Technology
I ran an automated simulation of fake news spread using OpenClaw.
Avatar for otsuka zzzzico
1
930
Strands Agents × Amazon Bedrock AgentCoreで パーソナルAIエージェントを作ろう
Avatar for yoko / Naoki Yokomachi yokomachi
2
160
ふりかえりを 「あそび」にしたら、 学習が勝手に進んだ / Playful Retros Drive Learning
Avatar for katoaz katoaz
0
100
Oracle AI Database@Azure:サービス概要のご紹介
Avatar for oracle4engineer oracle4engineer
PRO
6
1.4k
OpenClawでPM業務を自動化
Avatar for 西岡 賢一郎 (Kenichiro Nishioka) knishioka
2
390
マルチモーダル非構造データとの闘い
Avatar for shibuiwilliam shibuiwilliam
1
180
出版記念イベントin大阪「書籍紹介&私がよく使うMCPサーバー3選と社内で安全に活用する方法」
Avatar for KintoTech_Dev kintotechdev
0
150
ログ基盤・プラグイン・ダッシュボード、全部整えた。でも最後は人だった。
Avatar for Masaki Kubota makikub
2
240
【AWS】CloudTrail LakeとCloudWatch Logs Insightsの使い分け方針
Avatar for Yuma Tsurugasaki tsurunosd
0
130
Network Firewall Proxyで 自前プロキシを消し去ることができるのか
Avatar for ぐっさん gusandayo
0
190
Oracle AI Databaseデータベース・サービス: BaseDB/ExaDB-Dの可用性
Avatar for oracle4engineer oracle4engineer
PRO
1
120
Podcast配信で広がったアウトプットの輪~70人と音声発信してきた7年間~/outputconf_01
Avatar for FORTE fortegp05
0
230

Featured

See All Featured
Neural Spatial Audio Processing for Sound Field Analysis and Control
Avatar for NII S. Koyama's Lab skoyamalab
0
240
No one is an island. Learnings from fostering a developers community.
Avatar for Antonio thoeni
21
3.7k
Getting science done with accelerated Python computing platforms
Avatar for Jacob Tomlinson jacobtomlinson
2
160
Dominate Local Search Results - an insider guide to GBP, reviews, and Local SEO
Avatar for Greg Gifford greggifford
PRO
0
130
Easily Structure & Communicate Ideas using Wireframe
Avatar for Afnizar Nur Ghifari afnizarnur
194
17k
Learning to Love Humans: Emotional Interface Design
Avatar for Aarron Walter aarron
275
41k
Rails Girls Zürich Keynote
Avatar for Gregor Martynus gr2m
96
14k
Become a Pro
Avatar for Speaker Deck speakerdeck
PRO
31
5.9k
Leo the Paperboy
Avatar for Maya Tellez mayatellez
6
1.6k
Why You Should Never Use an ORM
Avatar for John Nunemaker jnunemaker
PRO
61
9.8k
Evolution of real-time – Irina Nazarova, EuRuKo, 2024
Avatar for Irina Nazarova irinanazarova
9
1.2k
JAMstack: Web Apps at Ludicrous Speed - All Things Open 2022
Avatar for David Neal reverentgeek
1
410

Transcript

  1. ©2018 Wantedly, Inc. GitHub as an Authenticator શ෦ GitHub Ͱ؅ཧͯ͠ΈΔ

    GitHub Satellite Tokyo LT 12.Jun.2018 - Shimpei Otsubo - @potsbo

  2. ©2018 Wantedly, Inc. ࣾһ໊฽Ͳ͏ͯ͠·͔͢ʁ ݖݶ؅ཧͲ͏ͯ͠·͔͢ʁ ৘ใڞ༗Ͳ͏ͯ͠·͔͢ʁ

  3. ©2018 Wantedly, Inc. શ෦GitHub ࣾһ໊฽Ͳ͏ͯ͠·͔͢ʁ ݖݶ؅ཧͲ͏ͯ͠·͔͢ʁ ৘ใڞ༗Ͳ͏ͯ͠·͔͢ʁ

  4. ©2018 Wantedly, Inc. GitHub ๏຿ ࣾ಺͸ͳΜͰ΋(JU)VC (JU)VCΛ࢖ͬͯ๏຿ίϛϡχέʔγϣϯͷεϐʔυΛഒʹͨ͠࿩ ৘ใڞ༗͜͏ͯ͠·͢ IUUQTXXXXBOUFEMZDPNDPNQBOJFTXBOUFEMZQPTU@BSUJDMFT ʮJTTVFͭͬͨ͘ʁʯ

    ίʔυϨϏϡʔه࿥ٞ࿦ேձ໨ඪ݁Ռʜ ࣾ಺શһ(JU)VC ೖࣾϑϩʔ͸(JU)VCΞΧ΢ϯτͷ࡞੒͔Β

  5. ©2018 Wantedly, Inc. ૊৫্ͷνʔϜͱ(JU)VCͷνʔϜ͕ରԠ infrastructure full-time-employee visit people short-term-intern long-term-intern

    engineers ଐੑ΋؅ཧ ૊৫ߏ੒ ruby … … ࣾһ໊฽͜͏ͯ͠·͢

  6. ©2018 Wantedly, Inc. (JU)VC5FBNΛϕʔεʹೝՄ )3ͷϑϩʔʹ৐Δ͚ͩͰྑ͍ ݖݶͷ֎͠๨Ε͕ͳ͍ e.g. full-time-employee => ok

    org ͔Β֎ͤ͹ࣗಈతʹશݖݶΛ revoke Ͱ͖Δ HR ͷೖୀࣾϑϩʔͰେମok ݖݶ؅ཧ͜͏ͯ͠·͢

  7. ©2018 Wantedly, Inc. ssh Results K public key ಛఆͷνʔϜͷਓ͚ͩTTIΛڐՄ͍ͨ͠ kenmon

    ssh Production Results K enmon ݕ໰ ಛఆteam ʹೖ͍ͬͯΔͱ production access ΁ͷ ssh ΛڐՄ SSH Proxy with GitHub Private Keys by wantedly

  8. ©2018 Wantedly, Inc.  એݴ͞Εͨ6TFSOBNFͷެ։伴ͰϩάΠϯ  ಛఆͷ5FBNॴଐ͔Λ͔֬ΊΔ  ໨తͷ4FSWFS΁ͷ44)ΛڐՄ ಛఆͷνʔϜͷਓ͚ͩTTIΛڐՄ͍ͨ͠

    ssh Results K public key kenmon ssh Production Results

  9. ©2018 Wantedly, Inc. Team ͝ͱʹҟͳΔk8sͷૢ࡞ΛڐՄ͍ͨ͠ G Token Token Teams Groups

    RBAC!! genmon TokenReview G enmon ݳ໳ ֤ team ʹରͯ͠ ద੾ͳݖݶΛ෇༩ by wantedly Webhook token authenticator for Kubernetes Results Token

  10. ©2018 Wantedly, Inc.  %BFNPO4FUͰ֤NBTUFSʹHFONPO͕ଘࡏ  8FCIPPL"VUIFOUJDBUJPOͰHFONPO΁  5FBN(SPVQͱͯ͠ѻ͍3#"$ https://github.com/appscode/guard

    https://github.com/oursky/kubernetes-github-authn ࢀߟ࣮૷ https://kubernetes.io/docs/admin/authentication/#webhook-token-authentication Role Based Access Control Team ͝ͱʹҟͳΔk8sͷૢ࡞ΛڐՄ͍ͨ͠ G Token Token Teams Groups RBAC!! genmon TokenReview Results Token

  11. ©2018 Wantedly, Inc. K enmon ݕ໰ ಛఆteam ʹೖ͍ͬͯΔͱ production access

    ΁ͷ ssh ΛڐՄ G enmon ݳ໳ ֤ team ʹରͯ͠ ద੾ͳݖݶΛ෇༩ by wantedly SSH Proxy with GitHub Private Keys Webhook token authenticator for Kubernetes by wantedly

  12. ©2018 Wantedly, Inc. ࣾ಺શһGitHubʹೖΕͪΌ͓͏ GitHubΛೝূαʔϏεͱͯ͠࢖͓͏ ૊৫ߏ଄ͱTeamߏ଄Λ߹ΘͤΑ͏ Summary