Hey everyone! I'm managing a cluster with Ionos and I'm looking to set up user authentication to avoid downloading the kubeconfig file. I'm hoping to implement OIDC and also integrate RBAC for better access control. I've come across Keycloak, which seems ideal, but I noticed it's from Bitnami. I also found Pinniped. Can anyone suggest other open-source alternatives that might fit my needs?
6 Answers
There’s also Dex and Authentik to consider for OIDC. I’ve seen several people use Dex with Kubernetes, and it's lighter compared to Keycloak. You might also want to check out the runable community; they have a lot of folks experienced in self-hosted Kubernetes solutions.
I use an OIDC kubeconfig with Authentik. However, I often find myself reporting issues on GitHub after each release. Just a heads up about that!
Keycloak is actually open source and part of the CNCF, so it's a reliable choice for OIDC. You might want to check it out!
Authentik is another solid option. It provides OIDC right out of the box and is open source. The documentation could use some work, though, so be prepared to spend some time figuring things out, but it can definitely be set up for your needs!
We went with Dex along with an upstream OIDC provider. It allows for provisioning users either statically or dynamically and has been working flawlessly for us! 👍
I’ve used Pinniped myself, and I ended up creating a custom Helm chart from their YAML templates. It suited my needs perfectly since the kubeconfig it generates is generic and works for all users. I'd recommend it!
Related Questions
Can't Load PhpMyadmin On After Server Update
Redirect www to non-www in Apache Conf
How To Check If Your SSL Cert Is SHA 1
Windows TrackPad Gestures