infra

command module
v0.4.13
Published: Nov 30, 2021 License: Apache-2.0 Imports: 2 Imported by: 0

README

We take security very seriously. If you believe you have found a security issue, please report it to our security team by contacting us at security@infrahq.com.

Introduction

Infra is identity and access management for your cloud infrastructure. It puts the power of fine-grained access to infrastructure like Kubernetes in your hands via existing identity providers such as Okta, Google Accounts, Azure Active Directory and more.

Features:

  • Single-command access: infra login
  • No more out-of-sync user configurations
  • Fine-grained role assignment
  • Onboard and offboard users via Okta (Azure AD, Google, GitHub coming soon)
  • Audit logs for who did what, when (coming soon)

Quickstart

Prerequisites:

Configure

Configure Okta

Follow the Okta guide to set up Okta for Infra. You'll need:

  • Okta domain
  • Okta client ID
  • Okta client secret
  • Okta API token

Configure Infra

# example values.yaml
---
config:
  providers:
    - kind: okta
      # Update with values from above
      # Values can be securely loaded from different secret managers (e.g. Kubernetes secrets)
      # or in plaintext (not recommended for production). See https://github.com/infrahq/infra/blob/main/docs/secrets.md
      domain: <Okta domain>
      clientID: <Okta client id>
      clientSecret: <Okta client secret>
      apiToken: <Okta api token>

  groups:
    # Grants the "Everyone" Okta group read-only access
    # to the default namespace of your Kubernetes cluster
    - name: Everyone
      provider: okta
      roles:
        - kind: cluster-role
          name: view
          destinations:
            - name: <cluster name> # cluster name in your cloud provider
              kind: kubernetes
              namespaces:
                - default

See the Helm Chart reference for a complete list of options configurable through Helm.

Note: Infra uses Secrets to securely load secrets. It is not recommended to use plain text secrets. Consider using another supported secret type.

Install Infra

helm repo add infrahq https://helm.infrahq.com/
helm repo update
helm upgrade --install -n infrahq --create-namespace -f values.yaml infra infrahq/infra

Install Infra CLI

macOS

brew install infrahq/tap/infra

Windows

scoop bucket add infrahq https://github.com/infrahq/scoop.git
scoop install infra

Linux

# Ubuntu & Debian
# Note: [trusted=yes] makes APT accept this repository without verifying its signatures
# tee runs under sudo; a plain '>' redirect would be opened by the unprivileged shell
echo 'deb [trusted=yes] https://apt.fury.io/infrahq/ /' | sudo tee /etc/apt/sources.list.d/infrahq.list
sudo apt update
sudo apt install infra

# Fedora & Red Hat Enterprise Linux
sudo dnf config-manager --add-repo https://yum.fury.io/infrahq/
sudo dnf install infra

Access Your Infrastructure

You will need to get your Infra endpoint. This step will be different depending on your Service type.

Ingress

INFRA_HOST=$(kubectl -n infrahq get ingress -l infrahq.com/component=infra -o jsonpath="{.items[].status.loadBalancer.ingress[*]['ip', 'hostname']}")

LoadBalancer

Note: It may take a few minutes for the LoadBalancer endpoint to be assigned. You can watch the status of the service with:

kubectl -n infrahq get services -l infrahq.com/component=infra -w
INFRA_HOST=$(kubectl -n infrahq get services -l infrahq.com/component=infra -o jsonpath="{.items[].status.loadBalancer.ingress[*]['ip', 'hostname']}")

ClusterIP

CONTAINER_PORT=$(kubectl -n infrahq get services -l infrahq.com/component=infra -o jsonpath="{.items[].spec.ports[0].port}")
# port-forward takes TYPE/NAME, so the service is addressed as service/infra
kubectl -n infrahq port-forward service/infra 8080:"$CONTAINER_PORT" &
INFRA_HOST='localhost:8080'

Once you have your Infra host, it is time to log in.

infra login

Follow the instructions on screen to complete the login process.

See the Infra CLI reference for more ways to use infra.
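
To confirm that the groups mapping in the sample values.yaml grants only what it describes (read-only access to the default namespace), the following added example checks effective permissions with kubectl auth can-i after login. It is not part of the Infra project or its README; it assumes kubectl's current context is the cluster reached through Infra, uses kube-system as an assumed out-of-scope namespace, and its function names are illustrative.

```shell
#!/bin/sh
# Added example: check the access granted by the sample values.yaml
# ("Everyone" -> cluster-role "view" -> namespace "default").
# Assumes `infra login` has completed and kubectl's current context is the
# cluster reached through Infra. "kube-system" is an assumed out-of-scope
# namespace; function names are illustrative.

# expect <yes|no> <verb> <resource> <namespace>
# Returns 0 when `kubectl auth can-i` gives the expected answer.
expect() {
  want=$1 verb=$2 resource=$3 ns=$4
  # can-i prints "yes" or "no" and may exit non-zero on "no": ignore status.
  got=$(kubectl auth can-i "$verb" "$resource" -n "$ns" 2>/dev/null) || true
  got=${got%% *}   # drop any trailing reason text, e.g. "no - ..."
  if [ "$got" = "$want" ]; then
    echo "ok    $verb $resource -n $ns -> $got"
  else
    echo "FAIL  $verb $resource -n $ns -> ${got:-error} (expected $want)"
    return 1
  fi
}

# Returns 0 only if every permission check matches the intended grant.
verify_view_access() {
  failed=0
  # Reads that the built-in "view" ClusterRole allows in the granted namespace.
  expect yes get pods default || failed=1
  expect yes list deployments default || failed=1
  # "view" is read-only and does not include Secrets.
  expect no delete pods default || failed=1
  expect no create deployments default || failed=1
  expect no get secrets default || failed=1
  # The grant lists only "default"; other namespaces must stay closed.
  expect no get pods kube-system || failed=1
  return "$failed"
}

# Run the checks only when invoked as: sh verify-access.sh run
if [ "${1:-}" = "run" ]; then
  verify_view_access
fi
```

A FAIL line on any of the "no" checks means the signed-in user holds more access than the values.yaml grant describes, usually through another role binding in the cluster.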

Next Steps

Connect Additional Identity Providers

Connect Additional Infrastructure Destinations

Upgrade Infra

helm repo update
helm upgrade --install -n infrahq -f values.yaml infra infrahq/infra

Security

We take security very seriously. If you have found a security vulnerability, please disclose it privately to us by email via security@infrahq.com.

Documentation


There is no documentation for this package.

Directories

Path Synopsis
Package version is used to check what the version variable was set to when the running build was created.
api
cmd
logging
Package logging provides a shared logger and log utilities to be used in all internal packages.
test module
testutil
