Managing Access to Kubernetes with Keycloak

Views: 4,957

Engineering with Morris

A day ago

Comments: 23
@kevinkoltraka3121 26 days ago
very clear and precise video, thank you
@multivalfran a month ago
Thank you for your knowledge Mr. Morris
@AneesAA-fn7dm 8 months ago
Awesome content bro
@cafanwi 6 months ago
Thank you my brother for this great vid
@multivalfran a month ago
Mr. Morris, thanks again for the excellent explanation. I have a question regarding multiple cluster authentication. Currently, we (in my organization) download the cluster's KubeConfig from Rancher's web UI and save it in the .kube folder, changing between contexts using kubie. Following your step by step, should we execute kubie ctx to choose the correct context before using the kubectl commands?
@EngineeringWithMorris a month ago
@multivalfran Hi, thanks for watching. I mean yes, you have to make sure you are in the right context (cluster) before executing any commands. Your question seems to be unrelated to Keycloak and Kubernetes OIDC cluster authentication though. Perhaps you can clarify.
@soufiane22v a year ago
Amazing stuff. This is by far the best demo regarding k8s authN and authZ using Keycloak. One question please. Which vscode theme do you use in your videos? 🤘🏻
@EngineeringWithMorris a year ago
Thanks a lot mate for your support. For the vscode theme check out poimandres.
@innocentmagagula8382 9 months ago
Hi Morris, amazing content! Any idea how I can configure the SSO on remote cluster nodes with no GUI/web browser, as those nodes are only accessible via SSH and use a command-line interface?
@billydashaakapolarbear4914 9 months ago
I’m also interested in this, I hope the author can see us
@antonevseev2708 a year ago
Hey, Morris! Thanks for another great guide video! One question - if I have several control planes, do I need to edit the kube server api manifest on each one of them?
@EngineeringWithMorris a year ago
Hi thanks for watching. If you have multiple control-plane nodes but only send requests to one node via kubectl then configuring just the one node will be enough. However if you connect to your cluster via a load balancer which load-balances requests across all the control-plane nodes then you need to reconfigure the kube-apiserver on all the nodes. Each kube-apiserver receiving API requests needs to know where to send token validation requests which in this case is the Keycloak server.
@antonevseev2708 a year ago
@EngineeringWithMorris Awesome, thanks for clarifying that, mate! I have LB, yes, so will configure it on all nodes. Can't wait to start implementing it. Love your channel and save all your videos to my Tube Archivist. Best of luck
@darkjo4335 6 days ago
Hello, is it possible to have multiple control planes active at the same time, or is there always just one active control plane while the others remain passive, ready to take over in case of a failure? I ask because I set up a PostgreSQL cluster a few weeks ago, and the topology was one primary server with the others in standby mode. I thought this was always the case in a cluster setup.
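The reply above says that every kube-apiserver behind a load balancer needs the same OIDC settings. As an added example (not from the video or its author), this sketch compares the `--oidc-*` flags in each control-plane node's static pod manifest and reports nodes that were missed or configured differently. The node names, issuer URL, client ID and helper names are constructed placeholders, and it assumes unquoted `- --flag=value` arguments as kubeadm writes them.

```python
import re

# Constructed sample: kubeadm-style static pod manifests, one per control-plane node.
# The issuer URL, client id and node names are placeholders, not values from the video.
def manifest(extra_flags):
    lines = ["spec:", "  containers:", "  - command:", "    - kube-apiserver",
             "    - --authorization-mode=Node,RBAC"]
    return "\n".join(lines + ["    - " + f for f in extra_flags]) + "\n"

OIDC = ["--oidc-issuer-url=https://keycloak.example.test/realms/demo",
        "--oidc-client-id=kubernetes",
        "--oidc-username-claim=email",
        "--oidc-groups-claim=groups"]
MANIFESTS = {
    "cp1": manifest(OIDC),
    "cp2": manifest([]),  # node that was never reconfigured
    "cp3": manifest([OIDC[0], "--oidc-client-id=kubectl"] + OIDC[2:]),
}
REQUIRED = ("oidc-issuer-url", "oidc-client-id")

def oidc_flags(text):
    """Return {flag: value} for every --oidc-* argument in a manifest."""
    pattern = r"^[ \t]*-[ \t]+--(oidc-[a-z-]+)=(\S+)[ \t]*$"
    return {m.group(1): m.group(2).strip("'\"") for m in re.finditer(pattern, text, re.M)}

def find_drift(manifests):
    """List (node, flag, problem) tuples; node '*' marks a cross-node mismatch."""
    per_node = {node: oidc_flags(text) for node, text in manifests.items()}
    names = sorted(set(REQUIRED) | {n for f in per_node.values() for n in f})
    findings = []
    for name in names:
        for node in sorted(per_node):
            if name not in per_node[node]:
                findings.append((node, name, "missing"))
        values = sorted({f[name] for f in per_node.values() if name in f})
        if len(values) > 1:
            findings.append(("*", name, "mismatch: " + ", ".join(values)))
    return findings

if __name__ == "__main__":
    for node, flag, problem in find_drift(MANIFESTS):
        print(f"{node:4} --{flag}: {problem}")
```

A node with missing flags rejects Keycloak-issued tokens, so behind a load balancer the same kubectl command succeeds or fails depending on which API server handles it.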
@olegfranko8675 a year ago
Great content, Morris! How do you authenticate to the Kube-API via OIDC when Keycloak isn't running for some reason or the pods were terminated? This is the main reason why I was struggling to manage such critical services like Authentication providers or secret management tools like Vault within a Kubernetes cluster. However I'm not happy with this solution to keep this kind of critical infrastructure components on separate virtual machines in production. Could you please share your thoughts on handling such critical components in production? Thanks 🙏
@EngineeringWithMorris a year ago
Hi, thanks a lot. I normally handle such issues by having multiple clusters, at least two (east and west). Critical services can be configured to fail over to the other cluster. Non-critical applications can be maintained in only one cluster. I also configure replication and federation for the applications that support it. I also do my best to avoid reverting back to VMs; if it can run in a container then I always find a way to deploy it to k8s.
@olegfranko8675 a year ago
@EngineeringWithMorris Thanks for sharing your thoughts. I will definitely try to take a look at multi-cluster deployments or similar approaches like automatic failover to other clusters, if I understood correctly. Usually we spread our masters and worker nodes across different datacenters with good latency, but it would be great to have some kind of resilience against entire cluster outages.
@TheBestDanceMoves 10 months ago
Hello, I want users to access only certain pods in a cluster. How do I do that? Is it possible?
@EngineeringWithMorris 10 months ago
Hi, you can look into using a validating webhook admission controller to define more fine-grained controls not possible with plain RBAC. Check out Open Policy Agent.
@TheBestDanceMoves 10 months ago
Alright, thank you. I went through it but it doesn't seem to really do what I want. Let me detail my problem. Consider that we have two users/developers, John and James. Now, I have a Kubernetes cluster with two pods inside, pod1 and pod2. I want John to access pod1 only and not pod2. Similarly, I want James to access pod2 and not pod1. The same scenario occurs if I want them to access nodes. I hope it is clear now. I look forward to your reply, thank you. @EngineeringWithMorris
@mnededeejay 11 months ago
bro what's happening with your videos lately, they have this thing where they're laggy, not sure how to describe it
@EngineeringWithMorris 11 months ago
Should be something with the camera settings, funny thing is that some people say it’s actually fine while others see an issue. But will definitely recheck everything, either my camera or export settings. Thanks for your feedback
@rileydavidjesus 9 months ago
I didn’t notice until I saw this comment now I see it like crazy. I think it’s a 4k rendering issue