Introduction
Infra is identity and access management for Kubernetes. Provide any user fine-grained access to Kubernetes clusters via existing identity providers such as Okta, Google Accounts, Azure Active Directory and more.
Features:
- One-command access: infra login
- Fine-grained permissions
- Onboard & offboard users via Okta (Azure AD, Google, GitHub coming soon)
- Audit logs for who did what, when (coming soon)
- CLI & REST API
- Configure via infra.yaml
Quickstart
Install Infra Registry
kubectl apply -f https://raw.githubusercontent.com/infrahq/release/main/deploy/registry.yaml
Infra exposes a LoadBalancer service by default. Find the External IP of the load balancer:
kubectl get svc --namespace infra
Install Infra CLI
curl -L "https://github.com/infrahq/release/releases/latest/download/infra-$(uname -s)-$(uname -m)" -o /usr/local/bin/infra && chmod +x /usr/local/bin/infra
Log in
infra login <EXTERNAL-IP>
Connect a Kubernetes cluster
First, retrieve your default Infra Registry API Key:
infra apikey list
Then, install Infra Engine:
kubectl create namespace infra
kubectl create configmap infra-engine -n infra --from-literal="name=<CLUSTER NAME>" --from-literal="registry=<EXTERNAL IP>"
kubectl create secret generic infra-engine -n infra --from-literal="api-key=<API KEY>"
kubectl apply -f https://raw.githubusercontent.com/infrahq/release/main/deploy/engine.yaml
Verify the cluster has been connected:
infra destination list
To switch to this cluster, run:
kubectl config use-context <CLUSTER NAME>
Add users
Map Permissions
To automatically assign permissions to specific users, create a config map containing the infra.yaml configuration file.
cat <<EOF | kubectl apply -f -
apiVersion: v1
kind: ConfigMap
metadata:
  name: infra
  namespace: infra
data:
  infra.yaml: |
    permissions:
      - user: michael@example.com
        destination: <CLUSTER NAME>
        role: edit
EOF
Then, restart Infra registry to apply the change:
kubectl rollout restart -n infra deployment/infra
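A pre-apply review check for the permissions mapping above, added here as an example and not part of Infra: it reads the flat user/destination/role list and reports unfilled placeholders, roles above a chosen ceiling, and conflicting duplicate mappings. Assumptions: the helper names parse_permissions and lint are hypothetical, the role names and their privilege order are those of Kubernetes' default user-facing ClusterRoles (the page only shows edit), and the sample data is constructed.

```python
import re

# Assumed privilege order of Kubernetes' default roles; the page only shows "edit".
ROLE_RANK = {"view": 0, "edit": 1, "admin": 2, "cluster-admin": 3}

# Constructed sample in the layout of the infra.yaml permissions list.
SAMPLE = """\
permissions:
  - user: michael@example.com
    destination: prod
    role: edit
  - user: dana@example.com
    destination: <CLUSTER NAME>
    role: cluster-admin
  - user: michael@example.com
    destination: prod
    role: view
"""

def parse_permissions(text):
    """Read the flat permissions list (not a general YAML parser)."""
    entries = []
    for line in text.splitlines():
        m = re.match(r"^\s*(-\s+)?(user|destination|role):\s*(\S.*?)\s*$", line)
        if not m:
            continue  # header line, blank line, or a key this check ignores
        if m.group(1) or not entries:
            entries.append({})  # a leading "- " starts a new mapping
        entries[-1][m.group(2)] = m.group(3)
    return entries

def lint(entries, max_role="edit"):
    """Return (entry index, problem) pairs for a reviewer to resolve."""
    findings, seen = [], {}
    for i, e in enumerate(entries):
        missing = [k for k in ("user", "destination", "role") if k not in e]
        if missing:
            findings.append((i, "missing " + ", ".join(missing)))
            continue
        if re.search(r"[<>]", e["destination"]):
            findings.append((i, "destination is an unfilled placeholder"))
        if e["role"] not in ROLE_RANK:
            findings.append((i, "unknown role " + e["role"]))
        elif ROLE_RANK[e["role"]] > ROLE_RANK[max_role]:
            findings.append((i, "role %s exceeds %s" % (e["role"], max_role)))
        prev = seen.setdefault((e["user"], e["destination"]), (i, e["role"]))
        if prev[0] != i and prev[1] != e["role"]:
            findings.append((i, "conflicts with entry %d" % prev[0]))
    return findings
```

Run lint(parse_permissions(text)) on the infra.yaml body before applying the ConfigMap; an empty list means none of these checks fired.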
Documentation
Security
We take security very seriously. If you have found a security vulnerability, please disclose it privately to us by email via security@infrahq.com.