rbacsync
skipper
rbacsync | skipper | |
---|---|---|
1 | 4 | |
236 | 3,020 | |
-0.4% | 0.7% | |
3.9 | 9.7 | |
5 months ago | 5 days ago | |
Go | Go | |
Apache License 2.0 | GNU General Public License v3.0 or later |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
rbacsync
-
Struggling to understand how Google Groups for RBAC is scalable
Prior to google groups being supported in any manner we made rbacsync that does analogous. It's a custom controller that takes IaC declarations for rolebindings, and maps a given google group name to them on a per namespace or cluster basis. In GKE, this worked with a user's auth token from GCP (claims were in the JWT). Id expect it to work with your OIDC integration as well.
skipper
-
Using spring boot for a gateway
So my advice is: Don‘t implement anything someone else already did better and have a look at Skipper: https://github.com/zalando/skipper
-
Validating Admission Requests in a Validating Admission Webhook
That's all! You can find a complete example of an Admit func from the Validating Admission Webhook in Skipper. I've also included an abridged version at the end of this blog post.
-
Making the ValidatingWebhook Testable
This series is based on my experience adding a ValidatingAdmissionWebhook to Skipper, modern HTTP proxy.
-
Parsing Admission Requests in a Validating Admission Webhook
You can find an abridged version of admission.Handler under "Reference". For a complete example of a validating admission webhook being used in production, checkout the validating admission webhook in Skipper, our HTTP reverse proxy.
What are some alternatives?
openunison-k8s-login-oidc - Kubernetes login portal for both kubectl and the dashboard using OpenID Connect. Use groups from your assertion in RBAC policies to control access to your cluster. Supports impersonation and OpenID Connect integration with your API server.
opera-proxy - Standalone client for proxies of Opera VPN
nifikop - The NiFiKop NiFi Kubernetes operator makes it easy to run Apache NiFi on Kubernetes. Apache NiFI is a free, open-source solution that support powerful and scalable directed graphs of data routing, transformation, and system mediation logic.
kube-httpcache - Varnish Reverse Proxy on Kubernetes
argocd-operator - A Kubernetes operator for managing Argo CD clusters.
application-gateway-kubernetes-ingress - This is an ingress controller that can be run on Azure Kubernetes Service (AKS) to allow an Azure Application Gateway to act as the ingress for an AKS cluster.
k8s-pod-restart-info-collector - Automated troubleshooting of Kubernetes Pods issues. Collect K8s pod restart reasons, logs, and events automatically.
botkube - An app that helps you monitor your Kubernetes cluster, debug critical deployments & gives recommendations for standard practices
haproxy-ingress - HAProxy Ingress
spicedb-operator - Kubernetes controller for managing instances of SpiceDB
k8tz - Kubernetes admission controller and a CLI tool to inject timezones into Pods and CronJobs