infra

command module
v0.0.17 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Aug 14, 2021 License: Apache-2.0 Imports: 1 Imported by: 0

README

Introduction

Infra is identity and access management for Kubernetes. Provide any user fine-grained access to Kubernetes clusters via existing identity providers such as Okta, Google Accounts, Azure Active Directory and more.

Features:

  • One-command access: infra login
  • No more out of sync Kubeconfig files
  • Fine-grained role assignment
  • Onboard & offboard users via Okta (Azure AD, Google, GitHub coming soon)
  • Audit logs for who did what, when (coming soon)

Quickstart

  1. Create infra.yaml
# Configure external identity providers
sources:
  - type: okta
    domain: acme.okta.com
    clientId: 0oapn0qwiQPiMIyR35d6
    clientSecret: jfpn0qwiQPiMIfs408fjs048fjpn0qwiQPiMajsdf08j10j2
    apiToken: 001XJv9xhv899sdfns938haos3h8oahsdaohd2o8hdao82hd

# Map groups or individual users pulled from identity providers
# Roles refer to available roles or cluster-roles currently 
# configured in the cluster. Custom roles are supported. 
groups:
  - name: developers
    sources:
      - okta
    roles:
      - name: writer
        kind: cluster-role
        clusters:
          - cluster-1
users:
  - name: person@example.com
    roles:
      - name: admin
        kind: cluster-role
        clusters:
          - cluster-1
          - cluster-2

Please follow Okta configuration guide to obtain your Okta API token.

  1. Install Infra registry with configuration
helm repo add infrahq https://helm.infrahq.com

helm install infra infrahq/infra --namespace infrahq --set-file config=./infra.yaml
  1. Connect Kubernetes Cluster(s)

In a web browser visit Infra registry dashboard. The URL may be found using:

kubectl get svc -n default -w infra -o jsonpath="{.status.loadBalancer.ingress[*]['ip', 'hostname']

Login

Once in the dashboard, navigate to Infrastructure and click Add Cluster

Add cluster

Run this command to connect an existing Kubernetes cluster. Note, this command can be re-used for multiple clusters or scripted via Infrastructure As Code (IAC).

Usage Guide

Install Infra CLI

macOS & Linux

brew install infrahq/tap/infra

Windows

scoop bucket add infrahq https://github.com/infrahq/scoop.git
scoop install infra

Login to your Infra Registry

infra login <your infra registry endpoint>

After login, Infra will automatically synchronize all the Kubernetes clusters configured for the user into their default kubeconfig file.

Accessing clusters

To list all the clusters, please run infra list.

Users can then switch Kubernetes context via kubectl config use-context <name> or via any Kubernetes tools.

Next Steps

Documentation

Security

We take security very seriously. If you have found a security vulnerability please disclose it privately to us by email via security@infrahq.com

Documentation

The Go Gopher

There is no documentation for this package.

Source Files

View all Source files

Directories

Path Synopsis
internal
cmd
docgen
engine
generate
kubernetes
logging
Package logging provides a shared logger and log utilities to be used in all internal packages.
 Package logging provides a shared logger and log utilities to be used in all internal packages.
registry
registry/mocks
timer
v1
Package v1 is a reverse proxy.
 Package v1 is a reverse proxy.
version
Package version is used check what the verson variable was set to when the running build was created.
 Package version is used check what the verson variable was set to when the running build was created.
tools/querylinter Module
test module

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.