Upgrade to Pro — share decks privately, control downloads, hide ads and more …

GitHub as an Authenticator

Shimpei Otsubo
June 12, 2018
Technology
3
560

GitHub as an Authenticator

Shimpei Otsubo

June 12, 2018
Tweet

More Decks by Shimpei Otsubo

See All by Shimpei Otsubo
Copy Kubernetes Clusters Really Fast
potsbo
3
1.9k
Go と Wantedly の関係 / How Wantedly uses Go
potsbo
1
560
Deploy Flow at Wantedly
potsbo
2
520
Wrap every method with just one line
potsbo
1
2.3k
Zero yen Keyboard
potsbo
6
2.4k
Kube - The core tool at Wantedly
potsbo
1
4.5k
k8s - Kubernetes 8 Factors
potsbo
12
8.7k
コンテンツ作成に集中するためのプレゼンテーション Tips / Presentation with Confidence
potsbo
5
24k
ConfigMap vs Secret #k8sjp
potsbo
1
980

Other Decks in Technology

See All in Technology
週刊タイピングは役に立たない
chizuchizu
0
120
【Oracle Cloud ウェビナー】一目瞭然!Microsoft Azureから使える、新しいOracle DatabaseのPaaSサービスを使ってみよう!(2022年9月21日)
oracle4engineer
PRO
0
120
All About Regular Expressions
jadeallenx
1
110
AWS ソリューションで車輪の再発明をしない生活
track3jyo
PRO
3
920
IIJmio meeting 33 無線通信の世界~第一弾:無線通信とは?~
iij_techlog
1
3.1k
リリースした製品のユーザー問い合わせ対応負荷を減らす施策例
bitkey
PRO
0
130
カラーミーショップの改善におけるSRE活動について
homirun
0
200
A Commerce-Centric Take on Queueing Fairly at High Throughput
martelogan
1
210
SAP Community and Developer Update
sygyzmundovych
0
210
重新想像:如何做技術選型決策 / Rethinking : Technical Decision
yftzeng
2
280
フレームワークのソースコードから知識を深める
weistom
0
340
Building smarter apps with machine learning, from magic to reality
picardparis
4
3.3k

Featured

See All Featured
The MySQL Ecosystem @ GitHub 2015
samlambert
239
11k
Designing on Purpose - Digital PM Summit 2013
jponch
107
5.7k
Ruby is Unlike a Banana
tanoku
91
9.3k
How GitHub Uses GitHub to Build GitHub
holman
465
280k
The Web Native Designer (August 2011)
paulrobertlloyd
75
2k
Design by the Numbers
sachag
271
17k
Put a Button on it: Removing Barriers to Going Fast.
kastner
56
2.4k
Web development in the modern age
philhawksworth
197
9.4k
It's Worth the Effort
3n
173
26k
JazzCon 2018 Closing Keynote - Leadership for the Reluctant Leader
reverentgeek
174
8.7k
Atom: Resistance is Futile
akmur
255
23k
JavaScript: Past, Present, and Future - NDC Porto 2020
reverentgeek
37
3.4k

Transcript

  1. ©2018 Wantedly, Inc. GitHub as an Authenticator શ෦ GitHub Ͱ؅ཧͯ͠ΈΔ

    GitHub Satellite Tokyo LT 12.Jun.2018 - Shimpei Otsubo - @potsbo

  2. ©2018 Wantedly, Inc. ࣾһ໊฽Ͳ͏ͯ͠·͔͢ʁ ݖݶ؅ཧͲ͏ͯ͠·͔͢ʁ ৘ใڞ༗Ͳ͏ͯ͠·͔͢ʁ

  3. ©2018 Wantedly, Inc. શ෦GitHub ࣾһ໊฽Ͳ͏ͯ͠·͔͢ʁ ݖݶ؅ཧͲ͏ͯ͠·͔͢ʁ ৘ใڞ༗Ͳ͏ͯ͠·͔͢ʁ

  4. ©2018 Wantedly, Inc. GitHub ๏຿ ࣾ಺͸ͳΜͰ΋(JU)VC (JU)VCΛ࢖ͬͯ๏຿ίϛϡχέʔγϣϯͷεϐʔυΛഒʹͨ͠࿩ ৘ใڞ༗͜͏ͯ͠·͢ IUUQTXXXXBOUFEMZDPNDPNQBOJFTXBOUFEMZQPTU@BSUJDMFT ʮJTTVFͭͬͨ͘ʁʯ

    ίʔυϨϏϡʔه࿥ٞ࿦ேձ໨ඪ݁Ռʜ ࣾ಺શһ(JU)VC ೖࣾϑϩʔ͸(JU)VCΞΧ΢ϯτͷ࡞੒͔Β

  5. ©2018 Wantedly, Inc. ૊৫্ͷνʔϜͱ(JU)VCͷνʔϜ͕ରԠ infrastructure full-time-employee visit people short-term-intern long-term-intern

    engineers ଐੑ΋؅ཧ ૊৫ߏ੒ ruby … … ࣾһ໊฽͜͏ͯ͠·͢

  6. ©2018 Wantedly, Inc. (JU)VC5FBNΛϕʔεʹೝՄ )3ͷϑϩʔʹ৐Δ͚ͩͰྑ͍ ݖݶͷ֎͠๨Ε͕ͳ͍ e.g. full-time-employee => ok

    org ͔Β֎ͤ͹ࣗಈతʹશݖݶΛ revoke Ͱ͖Δ HR ͷೖୀࣾϑϩʔͰେମok ݖݶ؅ཧ͜͏ͯ͠·͢

  7. ©2018 Wantedly, Inc. ssh Results K public key ಛఆͷνʔϜͷਓ͚ͩTTIΛڐՄ͍ͨ͠ kenmon

    ssh Production Results K enmon ݕ໰ ಛఆteam ʹೖ͍ͬͯΔͱ production access ΁ͷ ssh ΛڐՄ SSH Proxy with GitHub Private Keys by wantedly

  8. ©2018 Wantedly, Inc.  એݴ͞Εͨ6TFSOBNFͷެ։伴ͰϩάΠϯ  ಛఆͷ5FBNॴଐ͔Λ͔֬ΊΔ  ໨తͷ4FSWFS΁ͷ44)ΛڐՄ ಛఆͷνʔϜͷਓ͚ͩTTIΛڐՄ͍ͨ͠

    ssh Results K public key kenmon ssh Production Results

  9. ©2018 Wantedly, Inc. Team ͝ͱʹҟͳΔk8sͷૢ࡞ΛڐՄ͍ͨ͠ G Token Token Teams Groups

    RBAC!! genmon TokenReview G enmon ݳ໳ ֤ team ʹରͯ͠ ద੾ͳݖݶΛ෇༩ by wantedly Webhook token authenticator for Kubernetes Results Token

  10. ©2018 Wantedly, Inc.  %BFNPO4FUͰ֤NBTUFSʹHFONPO͕ଘࡏ  8FCIPPL"VUIFOUJDBUJPOͰHFONPO΁  5FBN(SPVQͱͯ͠ѻ͍3#"$ https://github.com/appscode/guard

    https://github.com/oursky/kubernetes-github-authn ࢀߟ࣮૷ https://kubernetes.io/docs/admin/authentication/#webhook-token-authentication Role Based Access Control Team ͝ͱʹҟͳΔk8sͷૢ࡞ΛڐՄ͍ͨ͠ G Token Token Teams Groups RBAC!! genmon TokenReview Results Token

  11. ©2018 Wantedly, Inc. K enmon ݕ໰ ಛఆteam ʹೖ͍ͬͯΔͱ production access

    ΁ͷ ssh ΛڐՄ G enmon ݳ໳ ֤ team ʹରͯ͠ ద੾ͳݖݶΛ෇༩ by wantedly SSH Proxy with GitHub Private Keys Webhook token authenticator for Kubernetes by wantedly

  12. ©2018 Wantedly, Inc. ࣾ಺શһGitHubʹೖΕͪΌ͓͏ GitHubΛೝূαʔϏεͱͯ͠࢖͓͏ ૊৫ߏ଄ͱTeamߏ଄Λ߹ΘͤΑ͏ Summary