Make Tekton Dashboard user authenticated at EKS using AWS Cognito

Cloud Computing Identity Provider Developer Tools

Amazon EKS Landing Page

1

Amazon EKS

Amazon EKS makes it easy for you to run Kubernetes on AWS without needing to install and operate your own Kubernetes clusters.

The goal of this post is to add authentication to Tekton Dashboard installed at AWS EKS If you are only interested to install the Dashboard and keep it publicly accessible, have a look at my previous blog post on Expose EKS tekton pipeline dashboard with ssl enabled.

#Cloud Computing #Developer Tools #DevOps Tools 70 social mentions
Amazon Cognito Landing Page

2

Amazon Cognito

Amazon Cognito lets you add user sign-up, sign-in, and access control to your web and mobile apps quickly and easily. It scales to millions of users and supports sign-in with social identity providers and enterprise identity providers via SAML 2.0.

-- There will be a oauth2-proxy service deployed -- This service will be exposed via the loadbalancer and the loadbalancer will be mapped against the your domain eg tekton-dashboard.myeks.com -- The upstream of the oauth-proxy service is the tekton-dashboard service. -- We will use AWS Cognito as the OIDC provider for oauth2-proxy service ie user will be authenticated via AWS Cognito. -- With the above setup, when the end user will request for the tekton-dashboard (with eg tekton-dashboard.myeks.com) it will first hit the oauth2 proxy service. -- The oauth2-proxy service will forward the request to AWS Cognito to check if the user is authenticated. -- If authenticated, the user is logged in and can see the tekton-dashboard.

#Identity Provider #SAML #Identity And Access Management 69 social mentions