
Seriously Rethinking the Best Authentication Flow for Kubernetes / GitHub Team Based Access Control

Slides presented as a lightning talk at Kubernetes Meetup Tokyo #11.

Shimpei Otsubo

May 17, 2018

Transcript

  1. ©2018 Wantedly, Inc. Genmon 舷門 NEW!! by wantedly

    Make it easy to grant all kinds of permissions to all kinds of teams. Use the in-house GitHub workflow for k8s too: just send a GitHub Token.

    Diagram labels: Token, Teams, Groups, RBAC!!, Results, genmon, TokenReview
  2. Architecture

    - genmon runs on each master via a DaemonSet
    - Webhook Authentication hands requests to genmon
    - Teams are treated as Groups, then RBAC (Role Based Access Control)

    Reference implementations: https://github.com/appscode/guard https://github.com/oursky/kubernetes-github-authn

    https://kubernetes.io/docs/admin/authentication/#webhook-token-authentication

    Diagram labels: Token, Teams, Groups, RBAC!!, Results, genmon, TokenReview
  3. Examples

    user | Team | Role
    deploybot | deployer | deployment-patcher
    potsbo | intern-short | view
    potsbo | infrastructure | cluster-admin

    Grant only the minimum necessary permissions.
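
The TokenReview exchange from the Architecture slide, as an added example (not genmon's code and not from the slides): the webhook receives the bearer token in a TokenReview, resolves it to a GitHub login and teams, and returns the teams as groups for RBAC. The names `review` and `teamLookup`, the stubbed GitHub lookup and the sample token are assumptions made for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Subset of the authentication.k8s.io TokenReview object exchanged with the API server.
type userInfo struct {
	Username string   `json:"username"`
	Groups   []string `json:"groups"`
}
type tokenReview struct {
	APIVersion string `json:"apiVersion"`
	Kind       string `json:"kind"`
	Spec       struct {
		Token string `json:"token,omitempty"`
	} `json:"spec"`
	Status struct {
		Authenticated bool      `json:"authenticated"`
		User          *userInfo `json:"user,omitempty"`
	} `json:"status"`
}

// teamLookup (hypothetical seam) resolves a GitHub token to a login and team slugs.
type teamLookup func(token string) (login string, teams []string, err error)

// review fails closed: bad JSON, an empty token or a lookup error stay unauthenticated.
func review(body []byte, lookup teamLookup) tokenReview {
	var req, resp tokenReview // resp starts empty, so a status sent by the caller is ignored
	err := json.Unmarshal(body, &req)
	resp.APIVersion, resp.Kind = req.APIVersion, "TokenReview" // reply in the caller's version
	if err == nil && req.Kind == "TokenReview" && req.Spec.Token != "" {
		if login, teams, lerr := lookup(req.Spec.Token); lerr == nil && login != "" {
			// GitHub teams are returned as groups, which RBAC bindings can name.
			resp.Status.Authenticated, resp.Status.User = true, &userInfo{Username: login, Groups: teams}
		}
	}
	return resp // the token is never echoed back
}

func main() {
	// Constructed stand-in for the GitHub API: one made-up token, user and team.
	lookup := func(t string) (string, []string, error) {
		if t != "constructed-token" {
			return "", nil, fmt.Errorf("unknown token")
		}
		return "potsbo", []string{"infrastructure"}, nil
	}
	out, _ := json.Marshal(review([]byte(`{"apiVersion":"authentication.k8s.io/v1beta1","kind":"TokenReview","spec":{"token":"constructed-token"}}`), lookup))
	fmt.Println(string(out))
}
```

With this response, a RoleBinding or ClusterRoleBinding whose subject is the Group `infrastructure` applies to the user `potsbo`, which is how the user/Team/Role rows on the Examples slide take effect.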