An application that can be used to easily enable authentication flows via OIDC for a kubernetes cluster.
Clone or download
stevesloka Merge pull request #90 from Lujeni/documentation/google_oauth
Update google documentation for cluster 1.10+
Latest commit ece61b0 Jan 18, 2019

README.md

gangway Build Status

(noun): An opening in the bulwark of the ship to allow passengers to board or leave the ship.

An application that can be used to easily enable authentication flows via OIDC for a kubernetes cluster. Kubernetes supports OpenID Connect Tokens as a way to identify users who access the cluster. Gangway allows users to self-configure their kubectl configuration in a few short steps.

gangway screenshot

Deployment

Instructions for deploying gangway for common cloud providers can be found here.

API-Server flags

gangway requires that the Kubernetes API server is configured for OIDC:

https://kubernetes.io/docs/admin/authentication/#configuring-the-api-server

kube-apiserver
...
--oidc-issuer-url="https://example.auth0.com/"
--oidc-client-id=3YM4ue8MoXgBkvCIHh00000000000
--oidc-username-claim=email
--oidc-groups-claim=groups

Build

Requirements for building

  • Go (built with 1.10)
  • esc for static resources.
  • dep for dependency management.

A Makefile is provided for building tasks. The options are as follows

Getting started is as simple as:

$ go get github.com/heptiolabs/gangway
$ cd $GOPATH/src/github.com/heptiolabs/gangway
$ make setup
$ make