AppsCode
  • KubeDB

    Run Production-Grade Databases on Kubernetes

    Stash

    Backup and Recovery Solution for Kubernetes

    KubeVault

    Run Production-Grade Vault on Kubernetes

    Voyager

    Secure Ingress Controller for Kubernetes

    ConfigSyncer

    Kubernetes Configuration Syncer

    Guard

    Kubernetes Authentication WebHook Server

    KubeDB

    KubeDB simplifies Provisioning, Upgrading, Scaling, Volume Expansion, Monitor, Backup, Restore for various Databases in Kubernetes on any Public & Private Cloud

    • check-boxLower administrative burden
    • check-boxNative Kubernetes Support
    • check-boxPerformance
    • check-boxAvailability and durability
    • check-boxManageability
    • check-boxCost-effectiveness
    • check-boxSecurity
    Stash

    A complete Kubernetes native disaster recovery solution for backup and restore your volumes and databases in Kubernetes on any public and private clouds.

    • check-boxDeclarative API
    • check-boxBackup Kubernetes Volumes
    • check-boxBackup Database
    • check-boxMultiple Storage Support
    • check-boxDeduplication
    • check-boxData Encryption
    • check-boxVolume Snapshot
    • check-boxPolicy Based Backup
    KubeVault

    KubeVault is a Git-Ops ready, production-grade solution for deploying and configuring Hashicorp's Vault on Kubernetes.

    • check-boxVault Kubernetes Deployment
    • check-boxAuto Initialization & Unsealing
    • check-boxVault Backup & Restore
    • check-boxConsume KubeVault Secrets with CSI
    • check-boxManage DB Users Privileges
    • check-boxStorage Backend
    • check-boxAuthentication Method
    • check-boxDatabase Secret Engine
    Voyager

    Secure Ingress Controller for Kubernetes

    • check-boxHTTP & TCP
    • check-boxSSL
    • check-boxPlatform support
    • check-boxHAProxy
    • check-boxPrometheus
    • check-boxLet's Encrypt
    configsyncer

    Kubernetes Configuration Syncer

    • check-boxConfiguration Syncer
    Guard

    Kubernetes Authentication WebHook Server

    • check-boxIdentity Providers
    • check-boxCLI
    • check-boxRBAC
  • RESOURCES
  • Webinar New
CONTACT SALES
Guard
github-icon twitterx-icon
TRY NOW FREE

Gitlab Authenticator

Guard installation guide can be found here. To use Gitlab, you need a client cert with Organization set to Gitlab. To ease this process, use the Guard cli to issue a client cert/key pair.

$ guard init client {common-name} -o Gitlab

Deploy Guard Server

To generate installer YAMLs for guard server you can use the following command.

$ guard get installer \
    --auth-providers="gitlab" \
    > installer.yaml

$ kubectl apply -f installer.yaml

Additional flags for gitlab:

# Base url for GitLab, keep empty to use default gitlab base url
--gitlab.base-url=<base_url>

# Use group ID for authentication instead of group full path (default: false)
--gitlab.use-group-id

The GitLab base-url needs to include the path to the API. For example https://<base-url>/api/v4

Please note that, since 0.3.0 release, Guard server will return group full path as groups in UserInfo. This will cahnge how subgroups are returned in UserInfo. Also note that, group names are not stable and editable in Gitlab. To returns group ids (stable) in UserInfo, set --gitlab.use-group-id=true in guard server binary.

$ guard get installer \
    --auth-providers="gitlab" \
    --gitlab.use-group-id=true \
    > installer.yaml

Issue Token

To use Gitlab authentication, you can use your personal access token with scope api. You can use the following command to issue a token:

$ guard get token -o gitlab

gitlab-token

Guard uses the token found in TokenReview request object to read user’s profile information and list of groups this user is member of. In the TokenReview response, status.user.username is set to user’s Gitlab login, status.user.groups is set to the list of the groups where this user is a member.

gitlab-webhook-flow

{
  "apiVersion": "authentication.k8s.io/v1",
  "kind": "TokenReview",
  "status": {
    "authenticated": true,
    "user": {
      "username": "<gitlab-login>",
      "uid": "<gitlab-id>",
      "groups": [
        "<group-1>",
        "<group-2>"
      ]
    }
  }
}

Configure Kubectl

kubectl config set-credentials <user_name> --token=<token>

Or You can add user in .kube/confg file

...
users:
- name: <user_name>
  user:
    token: <token>

$ kubectl get pods --all-namespaces --user <user_name>
NAMESPACE     NAME                               READY     STATUS    RESTARTS   AGE
kube-system   etcd-minikube                      1/1       Running   0          7h
kube-system   kube-addon-manager-minikube        1/1       Running   0          7h
kube-system   kube-apiserver-minikube            1/1       Running   1          7h
kube-system   kube-controller-manager-minikube   1/1       Running   0          7h
kube-system   kube-dns-6f4fd4bdf-f7csh           3/3       Running   0          7h

What's on this Page

Search
Improve This Page