infra

README

Introduction

Infra is identity and access management for Kubernetes. Provide any user fine-grained access to Kubernetes clusters via existing identity providers such as Okta, Google Accounts, Azure Active Directory and more.

Features:

• One-command access: infra login
• Fine-grained permissions
• Onboard & offboard users via Okta (Azure AD, Google, GitHub coming soon)
• Audit logs for who did what, when (coming soon)
• CLI & REST API
• Configure via infra.yaml

Quickstart

Install Infra Registry

helm repo add infrahq https://helm.infrahq.com
helm install infra infrahq/registry

Install Infra CLI

curl -L "https://github.com/infrahq/release/releases/latest/download/infra-$(uname -s)-$(uname -m)" -o /usr/local/bin/infra && chmod +x /usr/local/bin/infra

Log in

infra login <EXTERNAL-IP>

Connect a Kubernetes cluster

First, retrieve your default API Key

infra apikey list

Then, install Infra Engine on the cluster:

helm install infra-engine infrahq/engine --set registry=<EXTERNAL-IP> --set apiKey=<API KEY> --set name=<CLUSTER NAME>

Verify the cluster has been connected:

infra destination list

To switch to this cluster, run

kubectl config use-context <CLUSTER NAME>

Add users

• Connect Okta
• Add users manually

Map Permissions

To automatically assign permissions to specific users, create a config map containing the infra.yaml configuration file.

cat <<EOF | kubectl apply -f -
apiVersion: v1
kind: ConfigMap
metadata:
  name: infra
  namespace: infra
data:
  infra.yaml: |
    permissions:
      - user: michael@example.com
        destination: <CLUSTER NAME>
        role: edit
EOF

Then, restart Infra to apply the change:

kubectl rollout restart -n infra deployment/infra

Documentation

• Connect Okta
• Add users manually
• Add a custom domain
• CLI Reference
• Configuration Reference
• Contributing

Security

We take security very seriously. If you have found a security vulnerability please disclose it privately to us by email via security@infrahq.com