README
¶
Introduction
Infra is identity and access management for Kubernetes. Provide any user fine-grained access to Kubernetes clusters via existing identity providers such as Okta, Google Accounts, Azure Active Directory and more.
Features:
- Single-command access:
infra login - No more out-of-sync kubeconfig files
- Fine-grained role assignment
- Onboard and offboard users via Okta (Azure AD, Google, GitHub coming soon)
- Audit logs for who did what, when (coming soon)
Quickstart
Install Infra Registry
Prerequisites:
helm repo add infrahq https://helm.infrahq.com
helm repo update
helm install infra-registry infrahq/registry --namespace infrahq --create-namespace
Connect Kubernetes cluster to Infra Registry
Run the following commands to retrieve Infra Registry information and its API key:
INFRA_REGISTRY=$(kubectl --namespace infrahq get services infra-registry -o jsonpath="{.status.loadBalancer.ingress[*]['ip', 'hostname']}")
INFRA_API_KEY=$(kubectl --namespace infrahq get secrets infra-registry -o jsonpath='{.data.defaultApiKey}' | base64 -d)
Then, install Infra Engine in the Kubernetes context of the cluster you want to connect to Infra Registry:
helm install infra-engine infrahq/engine --namespace infrahq --set name=my-first-cluster --set registry=$INFRA_REGISTRY --set apiKey=$INFRA_API_KEY
Connect an identity provider
First, add Okta via an infra.yaml configuration file:
Next, add the following to your infra.yaml configuration file to grant everyone view access to the cluster:
groups:
- name: Everyone # example group
source: okta
roles:
- name: view
kind: cluster-role
destinations:
- name: my-first-cluster
Then, update your Infra Registry with this new config:
helm upgrade infra-registry infrahq/registry --namespace infrahq --set-file config=./infra.yaml
Install Infra CLI
Debian, Ubuntu
sudo echo 'deb [trusted=yes] https://apt.fury.io/infrahq/ /' >/etc/apt/sources.list.d/infrahq.list
sudo apt update
sudo apt install infra
Fedora, Red Hat Enterprise Linux
sudo dnf config-manager --add-repo https://yum.fury.io/infrahq/
sudo dnf install infra
macOS
brew install infrahq/tap/infra
Windows
scoop bucket add infrahq https://github.com/infrahq/scoop.git
scoop install infra
Access infrastructure
infra login <your infra registry endpoint>
After login, Infra will automatically synchronize all the Kubernetes clusters configured for the user into their default kubeconfig file.
That's it! You now have access to your cluster via Okta. To list all the clusters, run infra list.
Upgrading Infra
First, update the Helm repo:
helm repo update
Then, update the Infra Registry
helm upgrade infra-registry infrahq/registry --namespace infrahq
Lastly, update any Infra Engines:
helm upgrade infra-engine infrahq/engine --namespace infrahq
Next Steps
- Update roles
- Add a custom domain to make it easy for sharing with your team
- Connect more Kubernetes clusters
Documentation
Security
We take security very seriously. If you have found a security vulnerability please disclose it privately to us by email via security@infrahq.com
Documentation
¶
There is no documentation for this package.
Source Files
Directories
¶
| Path | Synopsis |
|---|---|
|
internal
|
|
|
logging
Package logging provides a shared logger and log utilities to be used in all internal packages.
|
Package logging provides a shared logger and log utilities to be used in all internal packages. |
|
version
Package version is used check what the verson variable was set to when the running build was created.
|
Package version is used check what the verson variable was set to when the running build was created. |
|
tools/querylinter
Module
|
|
|
test
module
|