Introduction
Infra is identity and access management for Kubernetes. Provide any user fine-grained access to Kubernetes clusters via existing identity providers such as Okta, Google Accounts, Azure Active Directory and more.
Features:
- One-command access: infra login
- No more out-of-sync kubeconfig files
- Fine-grained role assignment
- Onboard & offboard users via Okta (Azure AD, Google, GitHub coming soon)
- Audit logs for who did what, when (coming soon)
Quickstart
- Create infra.yaml:

    # Configure external identity providers
    sources:
      - type: okta
        domain: acme.okta.com
        clientId: 0oapn0qwiQPiMIyR35d6
        clientSecret: jfpn0qwiQPiMIfs408fjs048fjpn0qwiQPiMajsdf08j10j2
        apiToken: 001XJv9xhv899sdfns938haos3h8oahsdaohd2o8hdao82hd

    # Map groups or individual users pulled from identity providers
    # Roles refer to available roles or cluster-roles currently
    # configured in the cluster. Custom roles are supported.
    groups:
      - name: developers
        sources:
          - okta
        roles:
          - name: writer
            kind: cluster-role
            clusters:
              - cluster-1

    users:
      - name: person@example.com
        roles:
          - name: admin
            kind: cluster-role
            clusters:
              - cluster-1
              - cluster-2

  Please follow the Okta configuration guide to obtain your Okta API token.
- Install the Infra registry with this configuration:

    helm repo add infrahq https://helm.infrahq.com
    helm install infra infrahq/infra --namespace infrahq --set-file config=./infra.yaml

- Connect Kubernetes cluster(s)

  In a web browser, visit the Infra registry dashboard. The URL may be found using:

    kubectl get svc -n infrahq -w infra -o jsonpath="{.status.loadBalancer.ingress[*]['ip', 'hostname']}"

  Once in the dashboard, navigate to Infrastructure and click Add Cluster.
  Run this command to connect an existing Kubernetes cluster. Note that this command can be reused for multiple clusters or scripted via Infrastructure as Code (IaC).
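
To review what an infra.yaml like the one in step 1 grants before installing it, the following added example (not part of the Infra project) flattens the groups and users sections into per-cluster grants and flags privileged roles and groups that reference an undeclared source. The dict is the page's sample config as a YAML parser would return it, with secrets omitted; `expand_grants`, `review` and the `PRIVILEGED` set are hypothetical names and assumptions.

```python
# Added example: review the access an infra.yaml grants before installing it.
# SAMPLE_CONFIG is the page's sample infra.yaml as a YAML parser would return it
# (secrets omitted). PRIVILEGED is an assumption; adjust it to your own roles.
PRIVILEGED = {"admin", "cluster-admin"}

SAMPLE_CONFIG = {
    "sources": [{"type": "okta", "domain": "acme.okta.com"}],
    "groups": [{
        "name": "developers",
        "sources": ["okta"],
        "roles": [{"name": "writer", "kind": "cluster-role", "clusters": ["cluster-1"]}],
    }],
    "users": [{
        "name": "person@example.com",
        "roles": [{"name": "admin", "kind": "cluster-role",
                   "clusters": ["cluster-1", "cluster-2"]}],
    }],
}


def expand_grants(config):
    """Flatten groups and users into (subject, role, kind, cluster) tuples."""
    grants = []
    for section, prefix in (("groups", "group"), ("users", "user")):
        for entry in config.get(section) or []:
            for role in entry.get("roles") or []:
                for cluster in role.get("clusters") or []:
                    grants.append((f"{prefix}:{entry['name']}", role["name"],
                                   role.get("kind", ""), cluster))
    return grants


def review(config, privileged=PRIVILEGED):
    """Return findings: privileged grants and groups tied to undeclared sources."""
    declared = {s.get("type") for s in config.get("sources") or []}
    findings = []
    for subject, role, _kind, cluster in expand_grants(config):
        if role in privileged:
            findings.append(f"PRIVILEGED {subject} -> {role} on {cluster}")
    for group in config.get("groups") or []:
        for src in group.get("sources") or []:
            if src not in declared:
                findings.append(f"UNKNOWN-SOURCE group:{group['name']} uses {src}")
    return findings


if __name__ == "__main__":
    for grant in expand_grants(SAMPLE_CONFIG):
        print(*grant)
    for finding in review(SAMPLE_CONFIG):
        print(finding)
```
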
Usage Guide
Install Infra CLI
macOS & Linux

    brew install infrahq/tap/infra

Windows

    scoop bucket add infrahq https://github.com/infrahq/scoop.git
    scoop install infra

Log in to your Infra registry

    infra login <your infra registry endpoint>

After login, Infra will automatically synchronize all the Kubernetes clusters configured for the user into their default kubeconfig file.
Accessing clusters
To list all the clusters, please run infra list.
Users can then switch Kubernetes context via kubectl config use-context <name> or via any Kubernetes tools.
Next Steps
Documentation
Security
We take security very seriously. If you have found a security vulnerability, please disclose it privately to us by email via security@infrahq.com.