Introduction
Infra is identity and access management for your cloud infrastructure. It puts the power of fine-grained access to infrastructure like Kubernetes in your hands via existing identity providers such as Okta, Google Accounts, Azure Active Directory and more.
Features:
- Single-command access: infra login
- No more out-of-sync user configurations
- Fine-grained role assignment
- Onboard and offboard users via Okta (Azure AD, Google, GitHub coming soon)
- Audit logs for who did what, when (coming soon)
Quickstart
Prerequisites:
Install Infra
helm repo add infrahq https://helm.infrahq.com/
helm repo update
helm install -n infrahq --create-namespace infra infrahq/infra
See Helm Chart reference for a complete list of options configurable through Helm.
This example configuration uses Okta and grants the "Everyone" group read-only access to the default namespace. You will need:
- Okta domain
- Okta client ID
- Okta client secret
- Okta API token
- Cluster name
See Okta for detailed Okta configuration steps.
Cluster name is auto-discovered or can be set statically in Helm with engine.name.
# example values.yaml
---
config:
  sources:
    - kind: okta
      domain: <Okta domain>
      clientId: <Okta client ID>
      clientSecret: <Okta client secret>
      apiToken: <Okta API token>
  groups:
    - name: Everyone
      roles:
        - kind: role
          name: viewer
          destinations:
            - name: <cluster name>
              namespace: default
See the Configuration reference for a complete list of configurable options.
Update Infra With Your Configuration
helm repo update
helm upgrade -n infrahq -f values.yaml infra infrahq/infra
Install Infra CLI
Debian, Ubuntu
# [trusted=yes] makes APT skip signature verification for this repository
echo 'deb [trusted=yes] https://apt.fury.io/infrahq/ /' | sudo tee /etc/apt/sources.list.d/infrahq.list
sudo apt update
sudo apt install infra
Fedora, Red Hat Enterprise Linux
sudo dnf config-manager --add-repo https://yum.fury.io/infrahq/
sudo dnf install infra
macOS
brew install infrahq/tap/infra
Windows
scoop bucket add infrahq https://github.com/infrahq/scoop.git
scoop install infra
Access Your Infrastructure
First you need to get your Infra endpoint. This step may be different depending on your service type.
Ingress
INFRA_HOST=$(kubectl -n infrahq get ingress -l infrahq.com/component=registry -o jsonpath="{.items[].status.loadBalancer.ingress[*]['ip', 'hostname']}")
LoadBalancer
Note: It may take a few minutes for the LoadBalancer endpoint to be assigned. You can watch the status of the service with:
kubectl -n infrahq get services -l infrahq.com/component=registry -w
INFRA_HOST=$(kubectl -n infrahq get services -l infrahq.com/component=registry -o jsonpath="{.items[].status.loadBalancer.ingress[*]['ip', 'hostname']}")
ClusterIP
CONTAINER_PORT=$(kubectl -n infrahq get services -l infrahq.com/component=registry -o jsonpath="{.items[].spec.ports[0].port}")
kubectl -n infrahq port-forward services/infra 8080:$CONTAINER_PORT &
INFRA_HOST='localhost:8080'
Once you have your Infra host, it is time to log in.
infra login $INFRA_HOST
Follow the instructions on screen to complete the login process.
See the Infra CLI reference for more ways to use infra.
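One way to confirm, after logging in, that the example configuration grants only the read-only access to the default namespace it describes. This is an added example, not part of Infra: the verb lists, the sample resources (pods, deployments) and the use of kube-system as the comparison namespace are assumptions, as is that your current kubectl context uses the credentials issued by infra login.

```shell
#!/bin/sh
# Added example, not part of Infra. Run after `infra login`.
# Assumptions: "read-only" means get/list/watch; pods and deployments are
# representative resources; the second argument stands in for "any other
# namespace" that the grant should NOT reach.

READ_VERBS="get list watch"
WRITE_VERBS="create update patch delete"
RESOURCES="pods deployments"

# can_i VERB RESOURCE NAMESPACE -> succeeds only when the API server says "yes"
can_i() {
  [ "$(kubectl auth can-i "$1" "$2" -n "$3" 2>/dev/null)" = "yes" ]
}

# check_readonly_grant GRANTED_NS OTHER_NS
# Prints one line per deviation from the expected grant; returns 1 if any.
check_readonly_grant() {
  granted=$1; other=$2; findings=0
  for res in $RESOURCES; do
    # Reads inside the granted namespace should be allowed.
    for verb in $READ_VERBS; do
      if ! can_i "$verb" "$res" "$granted"; then
        echo "MISSING: $verb $res in $granted"; findings=$((findings + 1))
      fi
    done
    # Writes inside the granted namespace should be denied.
    for verb in $WRITE_VERBS; do
      if can_i "$verb" "$res" "$granted"; then
        echo "EXCESS: $verb $res in $granted"; findings=$((findings + 1))
      fi
    done
    # Nothing should be allowed outside the granted namespace.
    for verb in $READ_VERBS $WRITE_VERBS; do
      if can_i "$verb" "$res" "$other"; then
        echo "EXCESS: $verb $res in $other"; findings=$((findings + 1))
      fi
    done
  done
  [ "$findings" -eq 0 ]
}

# Usage: check_readonly_grant default kube-system
```

An EXCESS line means the effective permissions are broader than the configuration intends; a MISSING line means the grant has not been applied yet or the role does not cover that resource.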
Next Steps
Connect Additional Identity Sources
Connect Additional Infrastructure Destinations
Upgrade Infra
helm repo update
helm upgrade -n infrahq -f values.yaml infra infrahq/infra
We take security very seriously. If you have found a security vulnerability, please disclose it privately to us by email via security@infrahq.com.