I'm looking for effective methods to authenticate my developers in our on-prem Kubernetes cluster. Ideally, I want something similar to access entries in AWS. I've come across some interesting options, and I'm eager to hear what solutions others are using for authentication in their K8s environments.
5 Answers
Honestly, sometimes a basic OIDC setup doesn't require additional tools at all. If your developers just need an easy way to connect, that's something to consider.
If you're using HashiCorp Vault, it has a built-in OIDC provider that works well with the kubelogin plugin. This combination can help you secure authentication while integrating RBAC groups too. You can find more details on it in various guides online, like setting it up with GitOps.
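What the OIDC, kubelogin and RBAC-groups combination from the answer above looks like in configuration, as an added example that is not part of the original answer or any project's documentation. The issuer URL, client ID, namespace and group name are placeholders, and the cluster is assumed to be built with kubeadm (v1beta3 config format); each YAML document belongs in its own file.

```yaml
# 1) kube-apiserver OIDC flags, written as a kubeadm ClusterConfiguration.
apiVersion: kubeadm.k8s.io/v1beta3
kind: ClusterConfiguration
apiServer:
  extraArgs:
    oidc-issuer-url: https://idp.example.internal/oidc  # placeholder issuer
    oidc-client-id: kubernetes                           # placeholder client ID
    oidc-username-claim: email
    oidc-username-prefix: "oidc:"
    oidc-groups-claim: groups
    # Prefix IdP groups so a token can never assert a built-in system:* group.
    oidc-groups-prefix: "oidc:"
---
# 2) Bind the IdP group to the built-in "edit" role in one namespace only.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: developers-edit
  namespace: team-a              # placeholder namespace
subjects:
- kind: Group
  name: "oidc:developers"        # groups prefix + placeholder group from the IdP
  apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: ClusterRole
  name: edit
  apiGroup: rbac.authorization.k8s.io
---
# 3) Developer kubeconfig user entry that obtains tokens through kubelogin.
apiVersion: v1
kind: Config
users:
- name: oidc
  user:
    exec:
      apiVersion: client.authentication.k8s.io/v1beta1
      command: kubectl
      args:
      - oidc-login
      - get-token
      - --oidc-issuer-url=https://idp.example.internal/oidc
      - --oidc-client-id=kubernetes
      - --oidc-extra-scope=email
      - --oidc-extra-scope=groups
```

Access is then granted or revoked by changing group membership in the identity provider; `kubectl auth can-i --list --as=oidc:dev@example.com --as-group=oidc:developers -n team-a` (constructed user and group) shows what the binding allows.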
Teleport is a great option! It's straightforward for access control, but I'd be curious to know how their pricing structure looks since their website isn't the clearest on that.
For on-prem setups, you might want to consider using Dex with Gangway. Although Gangway is no longer actively maintained, it offered OIDC authentication quite effectively. Just be aware of that if you go down that path.
That’s true, but I found it useful while it lasted. It's worth checking out some alternatives that are currently maintained.
Keycloak is a fantastic choice for self-hosted OAuth, especially since it’s free. It's really user-friendly and integrates nicely into K8s setups.

Yeah, I felt the same about their pricing info. I'd love to hear from someone who's used it recently!