Authorize all developers to have read access to your clusters
We want to ensure every developer in our GitHub organization has access to our Kubernetes clusters.
The first thing we need to do is set up GitHub as an identity provider. For this, we need to create a new OAuth Application in our GitHub Organization by filling out this form.
Once we create this application we are going to see something like this:
We need to copy the Client ID and Client Secret values into the form when adding an identity provider. You can find this form by accessing Administration > Identity Providers in the sidebar and clicking the Add Identity Provider button.
We configured the identity provider to load all groups, so now we need to map these groups to Kubernetes groups. This is done by visiting Administration > Access Control and clicking the Create Group button. This creates a group that is federated to all connected clusters and describes the developers of our organization.
For this group to have an effect we need to connect it to a role, so let’s first create a role that allows us to view every resource.
Now that we have everything, we can assign the “Read Everything” role to the developers group.
When we check our attached clusters and log in as a user from our matched groups, we can see every resource but can neither delete nor edit them, just as we intended.
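For reference, this is roughly what the role and group assignment described above amount to in plain Kubernetes RBAC. It is an added example, not the product's own generated manifests; the object names and the group name `developers` are assumptions, and the real group name depends on how the identity provider presents GitHub groups to the cluster.

```yaml
# Added example (assumed names): read-only access to every resource.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: read-everything            # hypothetical name for the "Read Everything" role
rules:
  - apiGroups: ["*"]               # core and all named API groups
    resources: ["*"]               # every resource type, which includes Secrets
    verbs: ["get", "list", "watch"]  # no create, update, patch or delete
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: developers-read-everything # hypothetical name
subjects:
  - kind: Group
    apiGroup: rbac.authorization.k8s.io
    name: developers               # assumed group name as mapped from GitHub
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: read-everything
# To confirm the effective permissions from an admin context
# (dev-user is a placeholder user name):
#   kubectl auth can-i list pods    --as=dev-user --as-group=developers   # expect: yes
#   kubectl auth can-i delete pods  --as=dev-user --as-group=developers   # expect: no
#   kubectl auth can-i get secrets  --as=dev-user --as-group=developers   # expect: yes
```

The last check is the one to look at closely: a wildcard read rule lets every developer read Secrets in every namespace. If that is not intended, list the readable resources explicitly instead of using `"*"`.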