Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
GitHub as an Authenticator
Search
Shimpei Otsubo
June 12, 2018
Technology
3
670
GitHub as an Authenticator
Shimpei Otsubo
June 12, 2018
Tweet
Share
More Decks by Shimpei Otsubo
See All by Shimpei Otsubo
Copy Kubernetes Clusters Really Fast
potsbo
3
4.3k
Go と Wantedly の関係 / How Wantedly uses Go
potsbo
1
830
Deploy Flow at Wantedly
potsbo
2
930
Wrap every method with just one line
potsbo
1
4.7k
Zero yen Keyboard
potsbo
6
3.2k
Kube - The core tool at Wantedly
potsbo
1
7.7k
k8s - Kubernetes 8 Factors
potsbo
12
11k
コンテンツ作成に集中するためのプレゼンテーション Tips / Presentation with Confidence
potsbo
7
40k
ConfigMap vs Secret #k8sjp
potsbo
1
1.4k
Other Decks in Technology
See All in Technology
AI Ready API ─ AI時代に求められるAPI設計とは?/ AI-Ready API - Designing MCP and APIs in the AI Era
yokawasa
21
5.8k
株式会社島津製作所_研究開発(集団協業と知的生産)の現場を支える、OSS知識基盤システムの導入
akahane92
1
1.2k
AI工学特論: MLOps・継続的評価
asei
10
1.6k
経験がないことを言い訳にしない、 AI時代の他領域への染み出し方
parayama0625
0
160
20150719_Amazon Nova Canvas Virtual try-onアプリ 作成裏話
riz3f7
0
130
スプリントレビューを効果的にするために
miholovesq
9
1.6k
RapidPen: AIエージェントによる高度なペネトレーションテスト自動化の研究開発
laysakura
1
390
公開初日に個人環境で試した Gemini CLI 体験記など / Gemini CLI実験レポート
you
PRO
3
340
Bliki (ja), and the Cathedral, and the Bazaar
koic
8
1.3k
QAを早期に巻き込む”って どうやるの? モヤモヤから抜け出す実践知
moritamasami
2
180
BEYOND THE RAG🚀 ~とりあえずRAG?を超えていけ! 本当に使えるAIエージェント&生成AIプロダクトを目指して~ / BEYOND-THE-RAG-Toward Practical-GenerativeAI-Products-AOAI-DevDay-2025
jnymyk
4
230
データ駆動経営の道しるべ:プロダクト開発指標の戦略的活用法
ham0215
2
230
Featured
See All Featured
YesSQL, Process and Tooling at Scale
rocio
173
14k
Practical Orchestrator
shlominoach
189
11k
Fashionably flexible responsive web design (full day workshop)
malarkey
407
66k
Done Done
chrislema
184
16k
Designing Dashboards & Data Visualisations in Web Apps
destraynor
231
53k
Why You Should Never Use an ORM
jnunemaker
PRO
58
9.5k
Bash Introduction
62gerente
613
210k
Art, The Web, and Tiny UX
lynnandtonic
301
21k
How to Create Impact in a Changing Tech Landscape [PerfNow 2023]
tammyeverts
53
2.9k
GitHub's CSS Performance
jonrohan
1031
460k
"I'm Feeling Lucky" - Building Great Search Experiences for Today's Users (#IAC19)
danielanewman
229
22k
Side Projects
sachag
455
43k
Transcript
©2018 Wantedly, Inc. GitHub as an Authenticator શ෦ GitHub Ͱཧͯ͠ΈΔ
GitHub Satellite Tokyo LT 12.Jun.2018 - Shimpei Otsubo - @potsbo
©2018 Wantedly, Inc. ࣾһ໊Ͳ͏ͯ͠·͔͢ʁ ݖݶཧͲ͏ͯ͠·͔͢ʁ ใڞ༗Ͳ͏ͯ͠·͔͢ʁ
©2018 Wantedly, Inc. શ෦GitHub ࣾһ໊Ͳ͏ͯ͠·͔͢ʁ ݖݶཧͲ͏ͯ͠·͔͢ʁ ใڞ༗Ͳ͏ͯ͠·͔͢ʁ
©2018 Wantedly, Inc. GitHub ๏ ࣾͳΜͰ(JU)VC (JU)VCΛͬͯ๏ίϛϡχέʔγϣϯͷεϐʔυΛഒʹͨ͠ ใڞ༗͜͏ͯ͠·͢ IUUQTXXXXBOUFEMZDPNDPNQBOJFTXBOUFEMZQPTU@BSUJDMFT ʮJTTVFͭͬͨ͘ʁʯ
ίʔυϨϏϡʔهٞேձඪ݁Ռʜ ࣾશһ(JU)VC ೖࣾϑϩʔ(JU)VCΞΧϯτͷ࡞͔Β
©2018 Wantedly, Inc. ৫্ͷνʔϜͱ(JU)VCͷνʔϜ͕ରԠ infrastructure full-time-employee visit people short-term-intern long-term-intern
engineers ଐੑཧ ৫ߏ ruby … … ࣾһ໊͜͏ͯ͠·͢
©2018 Wantedly, Inc. (JU)VC5FBNΛϕʔεʹೝՄ )3ͷϑϩʔʹΔ͚ͩͰྑ͍ ݖݶͷ֎͠Ε͕ͳ͍ e.g. full-time-employee => ok
org ͔Β֎ͤࣗಈతʹશݖݶΛ revoke Ͱ͖Δ HR ͷೖୀࣾϑϩʔͰେମok ݖݶཧ͜͏ͯ͠·͢
©2018 Wantedly, Inc. ssh Results K public key ಛఆͷνʔϜͷਓ͚ͩTTIΛڐՄ͍ͨ͠ kenmon
ssh Production Results K enmon ݕ ಛఆteam ʹೖ͍ͬͯΔͱ production access ͷ ssh ΛڐՄ SSH Proxy with GitHub Private Keys by wantedly
©2018 Wantedly, Inc. એݴ͞Εͨ6TFSOBNFͷެ։伴ͰϩάΠϯ ಛఆͷ5FBNॴଐ͔Λ͔֬ΊΔ తͷ4FSWFSͷ44)ΛڐՄ ಛఆͷνʔϜͷਓ͚ͩTTIΛڐՄ͍ͨ͠
ssh Results K public key kenmon ssh Production Results
©2018 Wantedly, Inc. Team ͝ͱʹҟͳΔk8sͷૢ࡞ΛڐՄ͍ͨ͠ G Token Token Teams Groups
RBAC!! genmon TokenReview G enmon ݳ ֤ team ʹରͯ͠ దͳݖݶΛ༩ by wantedly Webhook token authenticator for Kubernetes Results Token
©2018 Wantedly, Inc. %BFNPO4FUͰ֤NBTUFSʹHFONPO͕ଘࡏ 8FCIPPL"VUIFOUJDBUJPOͰHFONPO 5FBN(SPVQͱͯ͠ѻ͍3#"$ https://github.com/appscode/guard
https://github.com/oursky/kubernetes-github-authn ࢀߟ࣮ https://kubernetes.io/docs/admin/authentication/#webhook-token-authentication Role Based Access Control Team ͝ͱʹҟͳΔk8sͷૢ࡞ΛڐՄ͍ͨ͠ G Token Token Teams Groups RBAC!! genmon TokenReview Results Token
©2018 Wantedly, Inc. K enmon ݕ ಛఆteam ʹೖ͍ͬͯΔͱ production access
ͷ ssh ΛڐՄ G enmon ݳ ֤ team ʹରͯ͠ దͳݖݶΛ༩ by wantedly SSH Proxy with GitHub Private Keys Webhook token authenticator for Kubernetes by wantedly
©2018 Wantedly, Inc. ࣾશһGitHubʹೖΕͪΌ͓͏ GitHubΛೝূαʔϏεͱ͓ͯ͠͏ ৫ߏͱTeamߏΛ߹ΘͤΑ͏ Summary