k8s-pixy-auth - k8s plugin to authenticate against an OIDC compatible issuer using PKCE (pixy) flow

  •        76

As of Kubernetes v1.11 there is beta support for a client-go credentials plugin. Using the support it is possible to use an Auth0 application to authenticate users and provide tokens with which a correctly configured Kubernetes cluster can authorize user actions. At this point in the project installation is manual. In the future this will be automated.




Related Projects

aws-iam-authenticator - A tool to use AWS IAM credentials to authenticate to a Kubernetes cluster

  •    Go

A tool to use AWS IAM credentials to authenticate to a Kubernetes cluster. The initial work on this tool was driven by Heptio. The project recieves contributions from multiple community engineers and is currently maintained by Heptio and Amazon EKS OSS Engineers. If you are an administrator running a Kubernetes cluster on AWS, you already need to manage AWS IAM credentials to provision and update the cluster. By using AWS IAM Authenticator for Kubernetes, you avoid having to manage a separate credential for Kubernetes access. AWS IAM also provides a number of nice properties such as an out of band audit trail (via CloudTrail) and 2FA/MFA enforcement.

kubectl-trace - Schedule bpftrace programs on your kubernetes cluster using the kubectl

  •    Go

kubectl trace is a kubectl plugin that allows you to schedule the execution of bpftrace programs in your Kubernetes cluster. You can't find the package for your distro of choice? You are very welcome and encouraged to create it and then open an issue to inform us for review.

node-oidc-provider - OpenID Provider(OP) implementation for node

  •    Javascript

oidc-provider is an OpenID Provider implementation of OpenID Connect. It allows to export a complete mountable or standalone OpenID Provider implementation. This implementation does not dictate a fixed data models or persistence store, instead, you must provide adapters for these. A generic in memory adapter is available to get you started as well as feature-less dev-only views to be able to get off the ground. The following specifications are implemented by oidc-provider. Note that not all features are enabled by default, check the configuration section on how to enable them.

aws-service-operator - AWS Service Operator allows you to create AWS resources using kubectl.

  •    Go

The AWS Service Operator allows you to manage AWS resources using Kubernetes Custom Resource Definitions. Using the AWS Service Operator enables a gitops workflow to drive your infrastructure to the desired state leveraging Kubernetes Custom Resource Definitions (CRD), the Kubernetes internal control loop, and AWS cloudformation orchestration. Read more about "operators" here.

kubeadm-ha - Kubernetes high availiability deploy based on kubeadm (for v1

  •    Smarty

kube-apiserver: exposes the Kubernetes API. It is the front-end for the Kubernetes control plane. It is designed to scale horizontally – that is, it scales by deploying more instances. etcd: is used as Kubernetes’ backing store. All cluster data is stored here. Always have a backup plan for etcd’s data for your Kubernetes cluster. kube-scheduler: watches newly created pods that have no node assigned, and selects a node for them to run on. kube-controller-manager: runs controllers, which are the background threads that handle routine tasks in the cluster. Logically, each controller is a separate process, but to reduce complexity, they are all compiled into a single binary and run in a single process. kubelet: is the primary node agent. It watches for pods that have been assigned to its node (either by apiserver or via local configuration file) kube-proxy: enables the Kubernetes service abstraction by maintaining network rules on the host and performing connection forwarding. keepalived cluster config a virtual IP address (, this virtual IP address point to k8s-master01, k8s-master02, k8s-master03. nginx service as the load balancer of k8s-master01, k8s-master02, k8s-master03's apiserver. The other nodes kubernetes services connect the keepalived virtual ip address ( and nginx exposed port (16443) to communicate with the master cluster's apiservers.

kubectl-debug - Debug your pod by a new container with every troubleshooting tools pre-installed

  •    Go

kubectl-debug is an out-of-tree solution for troubleshooting running pods, which allows you to run a new container in running pods for debugging purpose. The new container will join the pid, network, user and ipc namespaces of the target container, so you can use arbitrary trouble-shooting tools without pre-install them in your production container image. For windows user, download the latest binary from the release page and add it to your PATH.

socketio-jwt - Authenticate socket.io incoming connections with JWTs

  •    Javascript

Authenticate socket.io incoming connections with JWTs. This is useful if you are build a single page application and you are not using cookies as explained in this blog post: Cookies vs Tokens. Getting auth right with Angular.JS. This repo is supported and maintained by Community Developers, not Auth0. For more information about different support levels check https://auth0.com/docs/support/matrix .

kube-shell - Kubernetes shell: An integrated shell for working with the Kubernetes CLI

  •    Python

Under the hood kube-shell still calls kubectl. Kube-shell aims to provide ease-of-use of kubectl and increasing productivity.You can use up-arrow and down-arrow to walk through the history of commands executed. Also up-arrow partial string matching is possible. For e.g. enter 'kubectl get' and use up-arrow and down-arrow to browse through all kubectl get commands. You could also use CTRL+r to search from the history of commands.

k3sup - k3sup: from Zero to KUBECONFIG in < 1 min

  •    Go

k3sup is a light-weight utility to get from zero to KUBECONFIG with k3s on any local or remote VM. All you need is ssh access and the k3sup binary to get kubectl access immediately. The tool is written in Go and is cross-compiled for Linux, Windows, MacOS and even on Raspberry Pi.

krew - 📦 Package manager for "kubectl plugins"

  •    Go

krew is the package manager for kubectl plugins. krew is a tool that makes it easy to use kubectl plugins. krew helps you discover plugins, install and manage them on your machine. It is similar to tools like apt, dnf or brew.

kube-ps1 - Kubernetes prompt info for bash and zsh

  •    Shell

A script that lets you add the current Kubernetes context and namespace configured on kubectl to your Bash/Zsh prompt strings (i.e. the $PS1). Inspired by several tools used to simplify usage of kubectl.

kubernetes-vault - Use Vault to store secrets for Kubernetes!

  •    Go

The Kubernetes-Vault project allows pods to automatically receive a Vault token using Vault's AppRole auth backend.To run Kubernetes-Vault on your cluster, follow the quick start guide.

jwt-auth-guard - JWT Auth Guard for Laravel and Lumen Frameworks.

  •    PHP

JWT Auth Guard is a Laravel & Lumen Package that lets you use jwt as your driver for authentication guard in your application. The Guard uses tymon/jwt-auth package for authentication and token handling.

k3os - Purpose built OS for Kubernetes, fully managed by Kubernetes.

  •    Go

k3OS is a Linux distribution designed to remove as much as possible OS maintenance in a Kubernetes cluster. It is specifically designed to only have what is need to run k3s. Additionally the OS is designed to be managed by kubectl once a cluster is bootstrapped. Nodes only need to join a cluster and then all aspects of the OS can be managed from Kubernetes. Both k3OS and k3s upgrades are handled by the k3OS operator. Download the ISO from the latest release and run in VMware, VirtualBox, or KVM. The server will automatically start a single node Kubernetes cluster. Log in with the user rancher and run kubectl. This is a "live install" running from the ISO media and changes will not persist after reboot.

laravel-auth-token - Hooks into the laravel auth module and provides an auth token upon success

  •    PHP

Hooks into the laravel auth module and provides an auth token upon success. This token is really only secure in https environment. This main purpose for this module was to provide an auth token to javascript web app which could be used to identify users on api calls. Use composer to install this package.

faas-netes - Enable Kubernetes as a backend for OpenFaaS (Functions as a Service)

  •    Go

This is a plugin to enable Kubernetes as an OpenFaaS backend. The existing CLI and UI are fully compatible. It also opens up the possibility for other plugins to be built for orchestation frameworks such as Nomad, Mesos/Marathon or even a cloud-managed back-end such as Hyper.sh or Azure ACI.OpenFaaS is an event-driven serverless framework for containers. Any container for Windows or Linux can be leveraged as a serverless function. OpenFaaS is quick and easy to deploy (less than 60 secs) and lets you avoid writing boiler-plate code.

Cierge - 🗝️ Passwordless OIDC authentication done right

  •    CSharp

Cierge is an OpenID Connect server that handles user signup, login, profiles, management, social logins, and more. Instead of storing passwords, Cirege uses magic links/codes and external logins to authenticate your users. Passwords are insecure by default. Cierge does away by the illusion of security passwords give ("forgot password" usually relies upon email-based auth at the end of the day).

kubeadm-dind-cluster - A Kubernetes multi-node test cluster based on kubeadm

  •    Shell

A Kubernetes multi-node cluster for developer of Kubernetes and projects that extend Kubernetes. Based on kubeadm and DIND (Docker in Docker). Supports both local workflows and workflows utilizing powerful remote machines/cloud instances for building Kubernetes, starting test clusters and running e2e tests.