README
¶
Introduction
Infra is identity and access management for Kubernetes. Provide any user fine-grained access to Kubernetes clusters via existing identity providers such as Okta, Google Accounts, Azure Active Directory and more.
Features:
- One-command access:
infra login - No more out of sync Kubeconfig files
- Fine-grained role assignment
- Onboard & offboard users via Okta (Azure AD, Google, GitHub coming soon)
- Audit logs for who did what, when (coming soon)
Quickstart
Install Infra registry
Prerequisites:
helm repo add infrahq https://helm.infrahq.com
helm repo update
helm install infra-registry infrahq/registry --namespace infrahq --create-namespace
Connect Kubernetes cluster to Infra Registry
Run the following commands to retrive Infra Registry information and its API Key:
export INFRA_REGISTRY=$(kubectl get svc -n infrahq infra-registry -o jsonpath="{.status.loadBalancer.ingress[*]['ip', 'hostname']}")
export INFRA_API_KEY=$(kubectl get secrets/infra-registry --template={{.data.defaultApiKey}} --namespace infrahq | base64 -d)
Then, install Infra Engine in the Kubernetes context of the cluster you want to connect to Infra Registry
helm install infra-engine infrahq/engine \
--namespace infrahq \
--set registry=$INFRA_REGISTRY \
--set apiKey=$INFRA_API_KEY \
--set name=my-first-cluster
Connect an identity provider
First, add Okta via an infra.yaml configuration file:
Next, add the following to your infra.yaml configuration file to grant everyone view access to the cluster.
groups:
- name: Everyone # example group
source: okta
roles:
- name: view
kind: cluster-role
destinations:
- name: my-first-cluster
Then update your Infra Registry with this new config:
helm upgrade infra-registry infrahq/registry --set-file config=./infra.yaml -n infrahq
Install Infra CLI
macOS & Linux
brew install infrahq/tap/infra
Windows
scoop bucket add infrahq https://github.com/infrahq/scoop.git
scoop install infra
Accessing infrastructure
infra login <your infra registry endpoint>
After login, Infra will automatically synchronize all the Kubernetes clusters configured for the user into their default kubeconfig file.
That's it! You now have access to your cluster via Okta. To list all the clusters, run infra list.
Next Steps
- Update roles
- Add a custom domain to make it easy for sharing with your team
- Connect more Kubernetes clusters
Documentation
Upgrading Infra
First, update the helm repo:
helm repo update
Then, update the Infra Registry
helm upgrade infra-registry infrahq/registry --namespace infrahq
Lastly, update any Infra Engines:
helm upgrade infra-engine infrahq/engine --namespace infrahq
Security
We take security very seriously. If you have found a security vulnerability please disclose it privately to us by email via security@infrahq.com
Documentation
¶
There is no documentation for this package.
Source Files
Directories
¶
| Path | Synopsis |
|---|---|
|
internal
|
|
|
logging
Package logging provides a shared logger and log utilities to be used in all internal packages.
|
Package logging provides a shared logger and log utilities to be used in all internal packages. |
|
version
Package version is used check what the verson variable was set to when the running build was created.
|
Package version is used check what the verson variable was set to when the running build was created. |
|
tools/querylinter
Module
|
|
|
test
module
|