kapilogin

Table of Contents

1. Purpose
2. Getting Started
   • Prerequisites
   • Installation
3. Configuration
4. Contribute
5. License
6. Contact

Purpose

This project allows you to dynamicaly retrive kubeconfig files and use kubelogin for oidc login to authenticate on clusters managed by Cluster API.

(back to top)

Getting Started

Prerequisites

You need to have :

• Kubelogin installed on your machine.
• A Kubernetes cluster with Cluster API and child clusters bootstraped with it.
• Your cluster can assign IPs on Services type LoadBalancer.
• kubectl binary

Installation

1. Deploy the latest kapilogin server release on the Kubernetes with Cluster API :

    kubectl kustomize https://github.com/aamoyel/kapilogin/deploy | kubectl apply -f -

2. Get the latest release of the CLI and add it in your PATH

(back to top)

Configuration

1. First, you need to get the LoadBalancer IP use by kapilogin API:

    kubectl -n kapilogin get svc kapilogin -o json | jq '.status.loadBalancer.ingress[0].ip'

2. To authenticate on your clusters and define Kapilogin API endpoint, you need to configure Kapilogin. You can use an url to the raw file (eg: https://raw.githubusercontent.com/project/main/kapilogin.yaml) or directly create the file on you system with the command below:

   cat <<EOF > $HOME/.kapilogin.yaml
   kapiloginApiEndpoint: KAPILOGIN_API_ENDPOINT # LoadBalancer IP
   oidcIssuerUrl: ISSUER_URL
   oidcClientId: YOUR_CLIENT_ID
   oidcClientSecret: YOUR_CLIENT_SECRET # Optional
   EOF

3. To use this configuration you can pass "-c CFG_PATH" to the kapilogin CLI or set the var KAPILOGIN_CONFIG=... (url of local file path)

4. Now, you can use the 'kapilogin' CLI.

    kapilogin --help

(back to top)

Contribute

You can create issues and PRs on this project if you have any problems or suggestions.

(back to top)

License

Distributed under the Apache-2.0 license. See LICENSE.txt for more information.

(back to top)

Contact

Alan Amoyel - @AlanAmoyel

(back to top)