infra

command module
v0.4.2 Latest
Warning

This package is not in the latest version of its module.

Published: Nov 2, 2021 License: Apache-2.0 Imports: 2 Imported by: 0

README

Introduction

Infra is identity and access management for your cloud infrastructure. It puts the power of fine-grained access to infrastructure like Kubernetes in your hands via existing identity providers such as Okta, Google Accounts, Azure Active Directory and more.

Features:

  • Single-command access: infra login
  • No more out-of-sync user configurations
  • Fine-grained role assignment
  • Onboard and offboard users via Okta (Azure AD, Google, GitHub coming soon)
  • Audit logs for who did what, when (coming soon)

Quickstart

Prerequisites:

Install Infra

helm repo add infrahq https://helm.infrahq.com/
helm repo update
helm install -n infrahq --create-namespace infra infrahq/infra

See Helm Chart reference for a complete list of options configurable through Helm.

Configure Infra

This example configuration uses Okta and grants the "Everyone" group read-only access to the default namespace. You will need:

  • Okta domain
  • Okta client ID
  • Okta client secret
  • Okta API token
  • Cluster name

See Okta for detailed Okta configuration steps.

Cluster name is auto-discovered or can be set statically in Helm with engine.name.

Also see secrets.md for details on how secrets work.

# example values.yaml
---
config:
  secrets:
    - kind: kubernetes
      namespace: infrahq

  providers:
    - kind: okta
      domain: <Okta domain>
      clientID: <Okta client ID>
      clientSecret: <secret name>:<Okta client secret name>
      apiToken: <secret name>:<Okta API token name>

  groups:
    - name: Everyone
      roles:
        - kind: role
          name: viewer
          destinations:
            - name: <cluster name>
              namespaces:
                - default

See the Configuration reference for a complete list of configurable options.
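
An added example, not part of the Infra project: a preflight check for the values.yaml above, to run before helm upgrade. It assumes, from the example, that clientSecret and apiToken are always given as <secret name>:<key name> references; the function name lint_values and both sample files are constructed here.

```shell
#!/bin/sh
# lint_values FILE: exit 0 if clean, 1 on any finding; findings go to stdout.
lint_values() {
  awk '
    /^[ \t]*#/ { next }                       # skip comment lines
    /<[^>]+>/ {                               # template placeholder left in
      printf "line %d: unfilled placeholder\n", NR; bad = 1; next
    }
    /^[ \t]*(clientSecret|apiToken):/ {
      key = $1; sub(/:$/, "", key)
      val = $0
      sub(/^[ \t]*[A-Za-z]+:[ \t]*/, "", val)  # drop the "key: " prefix
      gsub(/[" \t]/, "", val)                  # drop double quotes and blanks
      # Assumption from the page: value is <secret name>:<key name>.
      # The value is never printed, since it may be a pasted credential.
      if (val !~ /^[A-Za-z0-9._-]+:[A-Za-z0-9._-]+$/) {
        printf "line %d: %s is not a secret reference\n", NR, key
        bad = 1
      }
    }
    END { exit (bad + 0) }
  ' "$1"
}

tmp=$(mktemp -d)
# Constructed sample: one placeholder left in, one credential pasted inline (fake).
cat > "$tmp/bad.yaml" <<'EOF'
config:
  providers:
    - kind: okta
      domain: <Okta domain>
      clientID: 0oaEXAMPLE
      clientSecret: fake-inline-secret-value
      apiToken: okta-secrets:apiToken
EOF
# Constructed sample: everything filled in, both secrets given as references.
cat > "$tmp/good.yaml" <<'EOF'
config:
  providers:
    - kind: okta
      domain: example.okta.com
      clientID: 0oaEXAMPLE
      clientSecret: okta-secrets:clientSecret
      apiToken: okta-secrets:apiToken
EOF
lint_values "$tmp/bad.yaml" || echo "bad.yaml: fix before helm upgrade"
lint_values "$tmp/good.yaml" && echo "good.yaml: ok"
```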

Update Infra With Your Configuration

helm repo update
helm upgrade -n infrahq -f values.yaml infra infrahq/infra

Install Infra CLI

Debian, Ubuntu

# sudo does not apply to a shell redirection, so the file is written with sudo tee.
# [trusted=yes] makes APT treat this repository as trusted even if it fails authentication checks.
echo 'deb [trusted=yes] https://apt.fury.io/infrahq/ /' | sudo tee /etc/apt/sources.list.d/infrahq.list
sudo apt update
sudo apt install infra

Fedora, Red Hat Enterprise Linux

sudo dnf config-manager --add-repo https://yum.fury.io/infrahq/
sudo dnf install infra

macOS

brew install infrahq/tap/infra

Windows

scoop bucket add infrahq https://github.com/infrahq/scoop.git
scoop install infra

Access Your Infrastructure

First you need to get your Infra endpoint. This step may be different depending on your service type.

Ingress

INFRA_HOST=$(kubectl -n infrahq get ingress -l infrahq.com/component=infra -o jsonpath="{.items[].status.loadBalancer.ingress[*]['ip', 'hostname']}")

LoadBalancer

Note: It may take a few minutes for the LoadBalancer endpoint to be assigned. You can watch the status of the service with:

kubectl -n infrahq get services -l infrahq.com/component=infra -w
INFRA_HOST=$(kubectl -n infrahq get services -l infrahq.com/component=infra -o jsonpath="{.items[].status.loadBalancer.ingress[*]['ip', 'hostname']}")

ClusterIP

CONTAINER_PORT=$(kubectl -n infrahq get services -l infrahq.com/component=infra -o jsonpath="{.items[].spec.ports[0].port}")
# port-forward takes the target as TYPE/NAME
kubectl -n infrahq port-forward service/infra 8080:$CONTAINER_PORT &
INFRA_HOST='localhost:8080'

Once you have your Infra host, it is time to log in.

infra login $INFRA_HOST

Follow the instructions on screen to complete the login process.

See the Infra CLI reference for more ways to use infra.

Next Steps

Connect Additional Identity Providers

Connect Additional Infrastructure Destinations

Upgrade Infra

helm repo update
helm upgrade -n infrahq -f values.yaml infra infrahq/infra

Security

We take security very seriously. If you have found a security vulnerability please disclose it privately to us by email via security@infrahq.com.

Documentation

There is no documentation for this package.

Directories

Path Synopsis
Package version is used to check what the version variable was set to when the running build was created.
api
cmd
logging
Package logging provides a shared logger and log utilities to be used in all internal packages.
test module
testutil
