Authentic-ate yourself to your Kubernetes cluster
Following up on our recent authentik recipe, I've updated our Kubernetes "Essentials" section to include cluster OIDC authentication, provided by authentik (among others).
Why bother with OIDC cluster authentication?
Consider the following downsides to a single, static, long-lived credential:
- It can get stolen
- It can't be shared (you might want to give your team access to the cluster, or even a limited subset of admin access)
- It can't be MFA'd
- Using it for the Kubernetes Dashboard (copying and pasting a token into a browser window) is a huge PITA
For the multi-step process to address all of this, see our Kubernetes OIDC Authentication guide!