I'm curious about how others are setting up multi-factor authentication (MFA) for updating or deleting resources in Kubernetes. What are some recommended methods or tools being used?
5 Answers
Have you considered using Pinniped along with Keycloak? They work well together to provide MFA options.
We rely on Flux GitOps with automated sanity checks on pull requests. It’s a way to ensure that changes are vetted before they go live, which could serve as an effective control.
I think it's more of an identity provider (IDP) issue than a Kubernetes issue. Find an IDP that supports a four-eyes workflow and integrate that into your system.
One approach I've seen is using OIDC with Entra. This setup helps streamline authentication while ensuring that MFA requirements are met.
In our case, we don’t really provide CLI access to anyone. It seems like a secure route since not many users need such access.
