infra

command module

v0.0.3 Latest Latest Go to latest Published: Jun 17, 2021 License: Apache-2.0 Imports: 1 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/infrahq/infra

Links

Open Source Insights

README ¶

Introduction

Infra is identity and access management for Kubernetes. Provide any user fine-grained access to Kubernetes clusters via existing identity providers such as Okta, Google Accounts, Azure Active Directory and more.

Features:

One-command access: infra login
Fine-grained permissions
Onboard & offboard users via Okta (Azure AD, Google, GitHub coming soon)
Audit logs for who did what, when (coming soon)
CLI & REST API
Configure via infra.yaml

Quickstart

Install Infra Registry

kubectl apply -f https://raw.githubusercontent.com/infrahq/release/main/deploy/registry.yaml

Infra exposes a LoadBalancer service by default. Find the External IP of the load balancer:

kubectl get svc --namespace infra

Install Infra CLI

curl -L "https://github.com/infrahq/release/releases/latest/download/infra-$(uname -s)-$(uname -m)" -o /usr/local/bin/infra && chmod +x /usr/local/bin/infra

Log in

infra login <EXTERNAL-IP>

Connect a Kubernetes cluster

First, retrieve your default Infra Registry API Key

infra apikey list

Then, install Infra Engine:

kubectl create namespace infra

kubectl create configmap infra-engine -n infra --from-literal="name=<CLUSTER NAME>" --from-literal="registry=<EXTERNAL IP>"

kubectl create secret generic infra-engine -n infra --from-literal="api-key=<API KEY>"

kubectl apply -f https://raw.githubusercontent.com/infrahq/release/main/deploy/engine.yaml

Verify the cluster has been connected:

infra destination list

To switch to this cluster, run

kubectl config use-context <CLUSTER NAME>

Add users

Map Permissions

To automatically assign permissions to specific users, create a config map containing the infra.yaml configuration file.

cat <<EOF | kubectl apply -f -
apiVersion: v1
kind: ConfigMap
metadata:
  name: infra
  namespace: infra
data:
  infra.yaml: |
    permissions:
      - user: michael@example.com
        destination: <CLUSTER NAME>
        role: edit
EOF

Then, restart Infra registry to apply the change:

kubectl rollout restart -n infra deployment/infra

Documentation

Security

We take security very seriously. If you have found a security vulnerability please disclose it privately to us by email via security@infrahq.com

Documentation ¶

There is no documentation for this package.

Source Files ¶

View all Source files

main.go

Directories ¶

Path	Synopsis
internal
certs
cmd
docgen
engine
generate
okta
registry
timer
tools/querylinter Module
test module

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL