Single Sign-On for Kubernetes - Joel Speed, Pusher
Abstract
User management is hard. At Pusher, with an expanding engineering team, we wanted to build a simple identity management experience within our Kubernetes infrastructure. In this talk, I explore authentication options and demonstrate how Single Sign-On works within our Kubernetes clusters. Kubernetes supports a Single Sign-On protocol called OpenID Connect (OIDC). I’ll take a deep dive into how OIDC authentication flows work before showing how we created a simple log-in experience for our Developers with features such as short-lived tokens, automatic refreshing, group management and a unified identity between the command line (Kubectl) and the browser (Kubernetes Dashboard).