Managing Access to Kubernetes with Keycloak
Рет қаралды 3,423
7 ай бұрынIn this video, we will see how to install and configure Keycloak to grant access to Kubernetes clusters using OpenID Connect.
GitHub Project: github.com/morrismusumi/kuber...
@cafanwi Ай бұрын
Thank you my brother for this great vid
@AneesAA-fn7dm 4 ай бұрын
Awesome content bro
@soufiane22v 7 ай бұрын
Amazing stuff . This is by far the best demo regarding k8s authN and authZ using kyecloak. One queation please. Which vscode theme you use in your videos 🤘🏻
@EngineeringWithMorris 7 ай бұрын
Thanks a lot mate for your support. For the vscode theme checkout poimandres.
@antonevseev2708 7 ай бұрын
Hey, Morris! Thanks for another great guide video! One question - if i have several control planes, do i need to edit kube server api manifest on each one of them?
@EngineeringWithMorris 7 ай бұрын
Hi thanks for watching. If you have multiple control-plane nodes but only send requests to one node via kubectl then configuring just the one node will be enough. However if you connect to your cluster via a load balancer which load-balances requests across all the control-plane nodes then you need to reconfigure the kube-apiserver on all the nodes. Each kube-apiserver receiving API requests needs to know where to send token validation requests which in this case is the Keycloak server.
@antonevseev2708 7 ай бұрын
@@EngineeringWithMorris Awesome, thanks for clarifying that, mate! I have LB, yes, so will configure it on all nodes. Cant wait to start implementing it. Love your channel and save all your videos to my Tube Archivist. Best of luck
@innocentmagagula8382 5 ай бұрын
Hi Morris, Amaizing content! any idea how can I configure the SSO on remote cluster nodes with no GUI/web browser, as those nodes are only accessible via SSH and use a command-line interface
@billydashaakapolarbear4914 5 ай бұрын
I’m also interested in this , I hope author can see us
@olegfranko8675 7 ай бұрын
Great content, Morris! How do you authenticate to the Kube-API via OIDC when Keycloak isn't running for some reason or the pods were terminated? This is the main reason why I was struggling to manage such critical services like Authentication providers or secret management tools like Vault within a Kubernetes cluster. However I'm not happy with this solution to keep this kind of critical infrastructure components on separate virtual machines in production. Could you please share your thoughts on handling such critical components in production? Thanks 🙏
@EngineeringWithMorris 7 ай бұрын
Hi thanks a lot. I normally handle such issues by having multiple clusters at least two(east and west). Critical services can be configured to failover to the other cluster. Non critical applications can be maintained in only one cluster. I also configure replication and federation for the applications that support it. I also do my best to avoid reverting back to VMs, if it can run in a container the I always find a ways to deploy it to k8s.
@olegfranko8675 7 ай бұрын
@@EngineeringWithMorrisThanks for sharing your thoughts. I will definitely try to take a look on multi cluster deployments or similar approaches like automatic failover to other clusters, if I understood correctly. Usually we spread our masters and worker nodes across different datacenters with good latency, but it would be great to have some kind of resilience against entire cluster outages.
@TheBestDanceMoves 6 ай бұрын
Hello, I want users to access only certain pods in a cluster. How do I do that? Is it possible?
@EngineeringWithMorris 6 ай бұрын
Hi, You can look into using a validating webhook admission controller to define more fine grained controls not possible with plain RABAC. Checkout Open Policy Agent.
@TheBestDanceMoves 5 ай бұрын
Alright thank you. I went through it but doesn't seems to really do what I want. Let me detail my problem. Consider that we have two users/developers, John and James. Now, I have a kubernetes cluster with two pods inside, pod1 and pod2. I want John to access pod1 only and not pod2. similarly, I want James to access pod2 and not pod1. The same scenario occurs if I want them to access nodes. I hope it is clear now. I look forward to your reply, thank you. @@EngineeringWithMorris
@mnededeejay 7 ай бұрын
bro what's happening with your videos lately, they have this thing where they're laggy, not sure how to describe it
@EngineeringWithMorris 7 ай бұрын
Should be something with the camera settings, funny thing is that some people say it’s actually fine while others see an issue. But will definitely recheck everything, either my camera or export settings. Thanks for your feedback
@rileydavidjesus 5 ай бұрын
I didn’t notice until I saw this comment now I see it like crazy. I think it’s a 4k rendering issue
Engineering with Morris
Рет қаралды 34 М.
Rohan Rustagi
Рет қаралды 277
Niko Köbler (@dasniko) - Keycloak Expert
Рет қаралды 3 М.
Engineering with Morris
Рет қаралды 6 М.