Slides presented in a lightning talk (LT) at Kubernetes Meetup Tokyo #11.
©2018 Wantedly, Inc.
GitHub Team Based Access Control
Seriously thinking through the best authentication flow for Kubernetes
Kubernetes Meetup Tokyo #11, 17.May.2018 - Shimpei Otsubo - @potsbo
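Development at Wantedly
- App engineers: use GitHub a lot, use kubectl a lot, automate a lot
- (* simplified diagram)
- wrapper
- Want weak permissions...
- Everyone in the company
- Restrict permissions per GitHub Team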
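Things we want to achieve
- Ride on the in-house GitHub flow!!
- Grant access rights casually!!
- Give CI only the minimum permissions!!
- Currently it is All or Nothing, which is hard for interns...
- Leave "please give me permission for ..." requests to HR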
Genmon (by wantedly) NEW!!
- Various permissions for various teams
- Use the in-house GitHub flow from k8s
- Just send a GitHub token
- So that permissions can be granted casually
Diagram labels: Token, Teams, Groups, RBAC!!, Results, genmon, TokenReview
Architecture
- genmon runs on each master as a DaemonSet
- Webhook Authentication with genmon
- Teams are treated as Groups for RBAC (Role Based Access Control)
- Reference implementations: https://github.com/appscode/guard and https://github.com/oursky/kubernetes-github-authn
- https://kubernetes.io/docs/admin/authentication/#webhook-token-authentication
Diagram labels: Token, Teams, Groups, RBAC!!, Results, genmon, TokenReview
Examples
user        Team            Role
deploybot   deployer        deployment-patcher
potsbo      intern-short    view
potsbo      infrastructure  cluster-admin
Grant only the minimum necessary permissions
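
The flow from the Architecture slide (GitHub token in, TokenReview out, Teams as Groups), sketched as an added example that is not genmon's code. The organization name, the token strings and the in-memory GitHub lookup are constructed assumptions; the users and teams come from the Examples table.

```python
# Added example, not genmon's code: how a webhook token authenticator can
# answer a Kubernetes TokenReview by turning GitHub teams into groups.
# ORG, the token values and FAKE_GITHUB are constructed for illustration.

ORG = "example-org"  # hypothetical GitHub organization trusted by the cluster

# Constructed stand-in for the GitHub API: token -> (login, [(org, team slug)]).
FAKE_GITHUB = {
    "token-potsbo": ("potsbo", [("example-org", "infrastructure"),
                                ("example-org", "intern-short"),
                                ("other-org", "admins")]),
    "token-deploybot": ("deploybot", [("example-org", "deployer")]),
}

def lookup_github(token):
    """Return (login, teams) for a token, or None if the token is unknown."""
    return FAKE_GITHUB.get(token)

def review(token_review, lookup=lookup_github, org=ORG):
    """Build the TokenReview response the API server expects from the webhook."""
    response = {
        # Echo the request's API version; v1beta1 is assumed as the default.
        "apiVersion": token_review.get("apiVersion",
                                       "authentication.k8s.io/v1beta1"),
        "kind": "TokenReview",
        "status": {"authenticated": False},
    }
    token = (token_review.get("spec") or {}).get("token")
    identity = lookup(token) if token else None
    if identity is None:
        return response  # missing or unknown token: fail closed
    login, teams = identity
    # Only teams of the trusted organization become groups; a team with the
    # same slug in another organization must not satisfy an RBAC binding.
    groups = sorted(slug for team_org, slug in teams if team_org == org)
    if not groups:
        return response  # valid GitHub user, but in no team of the trusted org
    response["status"] = {
        "authenticated": True,
        "user": {"username": login, "groups": groups},
    }
    return response
```

With this response, an RBAC binding whose subject is the Group `intern-short` applies to potsbo. The API server also adds `system:authenticated` to every authenticated user, which is why tokens with no team in the trusted organization are rejected here.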
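Result of seriously thinking through the best authentication flow for Kubernetes
- Stays on the company's existing GitHub flow
- Just send a GitHub token with kubectl
- RBAC grants anyone the necessary and sufficient permissions, even interns
- The GitHub settings that Corporate maintains can be used as-is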