ksoclabs / kube-goat

A deliberately vulnerable Kubernetes cluster
117 stars 38 forks source link

As a user I am able to log in to the cluster anonymously. #4

Open jmbmxer opened 5 years ago

jmbmxer commented 5 years ago

Motivation

anonymous-auth=true is bad when combined with authorization-mode=AlwaysAllow. We will enable this and figure out how to expose a key to the user that is applicable.

Acceptance

Design Ideas

pbnj commented 5 years ago

Working on this with a local kind cluster.

Spent a good chunk of time debugging an issue that turned out to be kind configuration format/parsing quirk, but making good progress now.

jmbmxer commented 5 years ago

This is complete using KOPS on GCP with the following lines:

https://github.com/ksoclabs/kube-goat/blob/0f77c6fc77154f2fcbdf22b3c0d29849636a822f/examples/kops/gcp/kops_gcp_config.yaml#L10

https://github.com/ksoclabs/kube-goat/blob/0f77c6fc77154f2fcbdf22b3c0d29849636a822f/examples/kops/gcp/kops_gcp_config.yaml#L27