Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
GitHub as an Authenticator
Search
Shimpei Otsubo
June 12, 2018
Technology
3
650
GitHub as an Authenticator
Shimpei Otsubo
June 12, 2018
Tweet
Share
More Decks by Shimpei Otsubo
See All by Shimpei Otsubo
Copy Kubernetes Clusters Really Fast
potsbo
3
4.1k
Go と Wantedly の関係 / How Wantedly uses Go
potsbo
1
800
Deploy Flow at Wantedly
potsbo
2
870
Wrap every method with just one line
potsbo
1
4.5k
Zero yen Keyboard
potsbo
6
3.1k
Kube - The core tool at Wantedly
potsbo
1
7.4k
k8s - Kubernetes 8 Factors
potsbo
12
10k
コンテンツ作成に集中するためのプレゼンテーション Tips / Presentation with Confidence
potsbo
7
39k
ConfigMap vs Secret #k8sjp
potsbo
1
1.3k
Other Decks in Technology
See All in Technology
Oracle Database Technology Night #87-1 : Exadata Database Service on Exascale Infrastructure(ExaDB-XS)サービス詳細
oracle4engineer
PRO
1
210
Apache Iceberg Case Study in LY Corporation
lycorptech_jp
PRO
0
370
Amazon Aurora のバージョンアップ手法について
smt7174
2
180
データモデルYANGの処理系を再発明した話
tjmtrhs
0
240
日経のデータベース事業とElasticsearch
hinatades
PRO
0
260
プルリクエストレビューを終わらせるためのチーム体制 / The Team for Completing Pull Request Reviews
nekonenene
3
1k
1行のコードから社会課題の解決へ: EMの探究、事業・技術・組織を紡ぐ実践知 / EM Conf 2025
9ma3r
12
4.7k
Aurora PostgreSQLがCloudWatch Logsに 出力するログの課金を削減してみる #jawsdays2025
non97
1
240
Introduction to OpenSearch Project - Search Engineering Tech Talk 2025 Winter
tkykenmt
2
210
OPENLOGI Company Profile for engineer
hr01
1
20k
フォーイット_エンジニア向け会社紹介資料_Forit_Company_Profile.pdf
forit_tech
1
1.7k
役員・マネージャー・著者・エンジニアそれぞれの立場から見たAWS認定資格
nrinetcom
PRO
4
6.7k
Featured
See All Featured
[Rails World 2023 - Day 1 Closing Keynote] - The Magic of Rails
eileencodes
33
2.1k
Building Better People: How to give real-time feedback that sticks.
wjessup
367
19k
The Illustrated Children's Guide to Kubernetes
chrisshort
48
49k
Being A Developer After 40
akosma
89
590k
Documentation Writing (for coders)
carmenintech
68
4.6k
Testing 201, or: Great Expectations
jmmastey
42
7.2k
Practical Orchestrator
shlominoach
186
10k
Cheating the UX When There Is Nothing More to Optimize - PixelPioneers
stephaniewalter
280
13k
個人開発の失敗を避けるイケてる考え方 / tips for indie hackers
panda_program
100
18k
Done Done
chrislema
182
16k
CoffeeScript is Beautiful & I Never Want to Write Plain JavaScript Again
sstephenson
160
15k
The Psychology of Web Performance [Beyond Tellerrand 2023]
tammyeverts
46
2.4k
Transcript
©2018 Wantedly, Inc. GitHub as an Authenticator શ෦ GitHub Ͱཧͯ͠ΈΔ
GitHub Satellite Tokyo LT 12.Jun.2018 - Shimpei Otsubo - @potsbo
©2018 Wantedly, Inc. ࣾһ໊Ͳ͏ͯ͠·͔͢ʁ ݖݶཧͲ͏ͯ͠·͔͢ʁ ใڞ༗Ͳ͏ͯ͠·͔͢ʁ
©2018 Wantedly, Inc. શ෦GitHub ࣾһ໊Ͳ͏ͯ͠·͔͢ʁ ݖݶཧͲ͏ͯ͠·͔͢ʁ ใڞ༗Ͳ͏ͯ͠·͔͢ʁ
©2018 Wantedly, Inc. GitHub ๏ ࣾͳΜͰ(JU)VC (JU)VCΛͬͯ๏ίϛϡχέʔγϣϯͷεϐʔυΛഒʹͨ͠ ใڞ༗͜͏ͯ͠·͢ IUUQTXXXXBOUFEMZDPNDPNQBOJFTXBOUFEMZQPTU@BSUJDMFT ʮJTTVFͭͬͨ͘ʁʯ
ίʔυϨϏϡʔهٞேձඪ݁Ռʜ ࣾશһ(JU)VC ೖࣾϑϩʔ(JU)VCΞΧϯτͷ࡞͔Β
©2018 Wantedly, Inc. ৫্ͷνʔϜͱ(JU)VCͷνʔϜ͕ରԠ infrastructure full-time-employee visit people short-term-intern long-term-intern
engineers ଐੑཧ ৫ߏ ruby … … ࣾһ໊͜͏ͯ͠·͢
©2018 Wantedly, Inc. (JU)VC5FBNΛϕʔεʹೝՄ )3ͷϑϩʔʹΔ͚ͩͰྑ͍ ݖݶͷ֎͠Ε͕ͳ͍ e.g. full-time-employee => ok
org ͔Β֎ͤࣗಈతʹશݖݶΛ revoke Ͱ͖Δ HR ͷೖୀࣾϑϩʔͰେମok ݖݶཧ͜͏ͯ͠·͢
©2018 Wantedly, Inc. ssh Results K public key ಛఆͷνʔϜͷਓ͚ͩTTIΛڐՄ͍ͨ͠ kenmon
ssh Production Results K enmon ݕ ಛఆteam ʹೖ͍ͬͯΔͱ production access ͷ ssh ΛڐՄ SSH Proxy with GitHub Private Keys by wantedly
©2018 Wantedly, Inc. એݴ͞Εͨ6TFSOBNFͷެ։伴ͰϩάΠϯ ಛఆͷ5FBNॴଐ͔Λ͔֬ΊΔ తͷ4FSWFSͷ44)ΛڐՄ ಛఆͷνʔϜͷਓ͚ͩTTIΛڐՄ͍ͨ͠
ssh Results K public key kenmon ssh Production Results
©2018 Wantedly, Inc. Team ͝ͱʹҟͳΔk8sͷૢ࡞ΛڐՄ͍ͨ͠ G Token Token Teams Groups
RBAC!! genmon TokenReview G enmon ݳ ֤ team ʹରͯ͠ దͳݖݶΛ༩ by wantedly Webhook token authenticator for Kubernetes Results Token
©2018 Wantedly, Inc. %BFNPO4FUͰ֤NBTUFSʹHFONPO͕ଘࡏ 8FCIPPL"VUIFOUJDBUJPOͰHFONPO 5FBN(SPVQͱͯ͠ѻ͍3#"$ https://github.com/appscode/guard
https://github.com/oursky/kubernetes-github-authn ࢀߟ࣮ https://kubernetes.io/docs/admin/authentication/#webhook-token-authentication Role Based Access Control Team ͝ͱʹҟͳΔk8sͷૢ࡞ΛڐՄ͍ͨ͠ G Token Token Teams Groups RBAC!! genmon TokenReview Results Token
©2018 Wantedly, Inc. K enmon ݕ ಛఆteam ʹೖ͍ͬͯΔͱ production access
ͷ ssh ΛڐՄ G enmon ݳ ֤ team ʹରͯ͠ దͳݖݶΛ༩ by wantedly SSH Proxy with GitHub Private Keys Webhook token authenticator for Kubernetes by wantedly
©2018 Wantedly, Inc. ࣾશһGitHubʹೖΕͪΌ͓͏ GitHubΛೝূαʔϏεͱ͓ͯ͠͏ ৫ߏͱTeamߏΛ߹ΘͤΑ͏ Summary