Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
GitHub as an Authenticator
Search
Shimpei Otsubo
June 12, 2018
Technology
3
630
GitHub as an Authenticator
Shimpei Otsubo
June 12, 2018
Tweet
Share
More Decks by Shimpei Otsubo
See All by Shimpei Otsubo
Copy Kubernetes Clusters Really Fast
potsbo
3
4k
Go と Wantedly の関係 / How Wantedly uses Go
potsbo
1
780
Deploy Flow at Wantedly
potsbo
2
810
Wrap every method with just one line
potsbo
1
4.3k
Zero yen Keyboard
potsbo
6
3k
Kube - The core tool at Wantedly
potsbo
1
7.2k
k8s - Kubernetes 8 Factors
potsbo
12
10k
コンテンツ作成に集中するためのプレゼンテーション Tips / Presentation with Confidence
potsbo
7
38k
ConfigMap vs Secret #k8sjp
potsbo
1
1.3k
Other Decks in Technology
See All in Technology
CysharpのOSS群から見るModern C#の現在地
neuecc
2
3.5k
New Relicを活用したSREの最初のステップ / NRUG OKINAWA VOL.3
isaoshimizu
3
630
安心してください、日本語使えますよ―Ubuntu日本語Remix提供休止に寄せて― 2024-11-17
nobutomurata
1
1k
マルチプロダクトな開発組織で 「開発生産性」に向き合うために試みたこと / Improving Multi-Product Dev Productivity
sugamasao
1
310
強いチームと開発生産性
onk
PRO
35
11k
IBC 2024 動画技術関連レポート / IBC 2024 Report
cyberagentdevelopers
PRO
1
110
The Rise of LLMOps
asei
8
1.7k
DynamoDB でスロットリングが発生したとき_大盛りver/when_throttling_occurs_in_dynamodb_long
emiki
1
430
Oracle Cloud Infrastructureデータベース・クラウド:各バージョンのサポート期間
oracle4engineer
PRO
28
13k
OCI 運用監視サービス 概要
oracle4engineer
PRO
0
4.8k
SRE×AIOpsを始めよう!GuardDutyによるお手軽脅威検出
amixedcolor
0
180
飲食店データの分析事例とそれを支えるデータ基盤
kimujun
0
170
Featured
See All Featured
Speed Design
sergeychernyshev
25
620
What's new in Ruby 2.0
geeforr
343
31k
Fight the Zombie Pattern Library - RWD Summit 2016
marcelosomers
232
17k
What's in a price? How to price your products and services
michaelherold
243
12k
Statistics for Hackers
jakevdp
796
220k
Making Projects Easy
brettharned
115
5.9k
Documentation Writing (for coders)
carmenintech
65
4.4k
Gamification - CAS2011
davidbonilla
80
5k
The Success of Rails: Ensuring Growth for the Next 100 Years
eileencodes
44
6.8k
CSS Pre-Processors: Stylus, Less & Sass
bermonpainter
356
29k
Code Review Best Practice
trishagee
64
17k
Fashionably flexible responsive web design (full day workshop)
malarkey
405
65k
Transcript
©2018 Wantedly, Inc. GitHub as an Authenticator શ෦ GitHub Ͱཧͯ͠ΈΔ
GitHub Satellite Tokyo LT 12.Jun.2018 - Shimpei Otsubo - @potsbo
©2018 Wantedly, Inc. ࣾһ໊Ͳ͏ͯ͠·͔͢ʁ ݖݶཧͲ͏ͯ͠·͔͢ʁ ใڞ༗Ͳ͏ͯ͠·͔͢ʁ
©2018 Wantedly, Inc. શ෦GitHub ࣾһ໊Ͳ͏ͯ͠·͔͢ʁ ݖݶཧͲ͏ͯ͠·͔͢ʁ ใڞ༗Ͳ͏ͯ͠·͔͢ʁ
©2018 Wantedly, Inc. GitHub ๏ ࣾͳΜͰ(JU)VC (JU)VCΛͬͯ๏ίϛϡχέʔγϣϯͷεϐʔυΛഒʹͨ͠ ใڞ༗͜͏ͯ͠·͢ IUUQTXXXXBOUFEMZDPNDPNQBOJFTXBOUFEMZQPTU@BSUJDMFT ʮJTTVFͭͬͨ͘ʁʯ
ίʔυϨϏϡʔهٞேձඪ݁Ռʜ ࣾશһ(JU)VC ೖࣾϑϩʔ(JU)VCΞΧϯτͷ࡞͔Β
©2018 Wantedly, Inc. ৫্ͷνʔϜͱ(JU)VCͷνʔϜ͕ରԠ infrastructure full-time-employee visit people short-term-intern long-term-intern
engineers ଐੑཧ ৫ߏ ruby … … ࣾһ໊͜͏ͯ͠·͢
©2018 Wantedly, Inc. (JU)VC5FBNΛϕʔεʹೝՄ )3ͷϑϩʔʹΔ͚ͩͰྑ͍ ݖݶͷ֎͠Ε͕ͳ͍ e.g. full-time-employee => ok
org ͔Β֎ͤࣗಈతʹશݖݶΛ revoke Ͱ͖Δ HR ͷೖୀࣾϑϩʔͰେମok ݖݶཧ͜͏ͯ͠·͢
©2018 Wantedly, Inc. ssh Results K public key ಛఆͷνʔϜͷਓ͚ͩTTIΛڐՄ͍ͨ͠ kenmon
ssh Production Results K enmon ݕ ಛఆteam ʹೖ͍ͬͯΔͱ production access ͷ ssh ΛڐՄ SSH Proxy with GitHub Private Keys by wantedly
©2018 Wantedly, Inc. એݴ͞Εͨ6TFSOBNFͷެ։伴ͰϩάΠϯ ಛఆͷ5FBNॴଐ͔Λ͔֬ΊΔ తͷ4FSWFSͷ44)ΛڐՄ ಛఆͷνʔϜͷਓ͚ͩTTIΛڐՄ͍ͨ͠
ssh Results K public key kenmon ssh Production Results
©2018 Wantedly, Inc. Team ͝ͱʹҟͳΔk8sͷૢ࡞ΛڐՄ͍ͨ͠ G Token Token Teams Groups
RBAC!! genmon TokenReview G enmon ݳ ֤ team ʹରͯ͠ దͳݖݶΛ༩ by wantedly Webhook token authenticator for Kubernetes Results Token
©2018 Wantedly, Inc. %BFNPO4FUͰ֤NBTUFSʹHFONPO͕ଘࡏ 8FCIPPL"VUIFOUJDBUJPOͰHFONPO 5FBN(SPVQͱͯ͠ѻ͍3#"$ https://github.com/appscode/guard
https://github.com/oursky/kubernetes-github-authn ࢀߟ࣮ https://kubernetes.io/docs/admin/authentication/#webhook-token-authentication Role Based Access Control Team ͝ͱʹҟͳΔk8sͷૢ࡞ΛڐՄ͍ͨ͠ G Token Token Teams Groups RBAC!! genmon TokenReview Results Token
©2018 Wantedly, Inc. K enmon ݕ ಛఆteam ʹೖ͍ͬͯΔͱ production access
ͷ ssh ΛڐՄ G enmon ݳ ֤ team ʹରͯ͠ దͳݖݶΛ༩ by wantedly SSH Proxy with GitHub Private Keys Webhook token authenticator for Kubernetes by wantedly
©2018 Wantedly, Inc. ࣾશһGitHubʹೖΕͪΌ͓͏ GitHubΛೝূαʔϏεͱ͓ͯ͠͏ ৫ߏͱTeamߏΛ߹ΘͤΑ͏ Summary