Github Authorized Keys
Use GitHub teams to manage system user accounts and authorized_keys
Based on Github Authorized Keys
Table of Contents
- Quick start
- Installing the Chart
- Uninstalling the Chart
$ helm repo rm cloudposse-incubator 2>/dev/null
$ helm repo add cloudposse-incubator https://charts.cloudposse.com/incubator
$ helm install cloudposse-incubator/github-authorized-keys
- Kubernetes 1.4+ with Beta APIs enabled
- PV provisioner support in the underlying infrastructure
IMPORTANT: Because of the nature of Github Authorized Keys, it must be deployed as a “singleton” inside the Kubernetes cluster. For this reason, only one release at a time is permitted. All additional releases will fail due to a deliberate container name conflict.
Installing the Chart
Add charts repo
$ helm repo rm cloudposse-incubator 2>/dev/null
$ helm repo add cloudposse-incubator https://charts.cloudposse.com/incubator
We recommend installing into the kube-system namespace.
To install the chart:
$ helm install --namespace kube-system --name github-authorized-keys cloudposse-incubator/github-authorized-keys
We recommend using github-authorized-keys as the release name.
The command deploys Github Authorized Keys on the Kubernetes cluster in the default configuration. The configuration section lists the parameters that can be configured during installation.
Tip: List all releases using
Uninstalling the Chart
To uninstall/delete the
$ helm delete --purge github-authorized-keys
The command removes all the Kubernetes components associated with the chart and deletes the release.
The following table lists the configurable parameters of the Github Authorized Keys chart and their default values.
| Parameter | Description | Default |
|---|---|---|
| | Github Authorized Keys image repository | |
| | Github Authorized Keys image tag | |
| | Github Authorized Keys image pull policy | |
| | Github API token | REQUIRED TO BE SPECIFIED |
| | Github organization | REQUIRED TO BE SPECIFIED |
| | Github team | REQUIRED TO BE SPECIFIED |
| | Github team id | REQUIRED TO BE SPECIFIED |
| | Users primary group id | “ |
| | Users secondary groups names (comma separated) | ” |
| | Sync users interval in seconds | |
| | Enable etcd fallback cache (read more: Etcd fallback cache) | |
| | Etcd cache node count | |
| | Etcd cache ttl in seconds | |
| | Template of create user command | |
| | Template of create user with specified primary group id command | |
| | Template of add user secondary group command | |
| | Template of user delete command | |
| | Template of ssh restart command | |
The above parameters map to the env variables defined in cloudposse/github-authorized-keys. For more information please refer to the cloudposse/github-authorized-keys image and application documentation.
Specify each parameter using the --set key=value[,key=value] argument to helm install. For example,
$ helm install --name github-authorized-keys \
    --set githubAPIToken=XXX,githubOrganization=cloudposse,githubTeam=devops \
    cloudposse-incubator/github-authorized-keys
The above command sets the github token id, organization and team to
Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example,
$ helm install --name github-authorized-keys -f values.yaml cloudposse-incubator/github-authorized-keys
Tip: You can use the default values.yaml
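Passing githubAPIToken with --set leaves the token in shell history and in the process argument list, so the values-file form is the safer of the two. The function below is an added example, not part of the chart: it builds such a file with owner-only permissions from environment variables. The variable names GITHUB_API_TOKEN, GITHUB_ORGANIZATION and GITHUB_TEAM and the function name write_values are assumptions; only the three keys shown in the --set example above are written, and the other required parameters from the table would be added the same way.

```shell
#!/bin/sh
# Added example (not from the chart): write a values file for
# "helm install -f" so the Github API token never appears on the command line.
# Env var names and the function name are assumptions for illustration.

# write_values FILE
# Reads GITHUB_API_TOKEN, GITHUB_ORGANIZATION and GITHUB_TEAM from the environment.
write_values() {
    out=$1
    nl='
'
    for var in GITHUB_API_TOKEN GITHUB_ORGANIZATION GITHUB_TEAM; do
        eval "val=\${$var:-}"
        # All three are marked REQUIRED TO BE SPECIFIED in the parameter table.
        if [ -z "$val" ]; then
            echo "missing required variable: $var" >&2
            return 1
        fi
        # Reject characters that would break out of the double-quoted YAML scalar.
        case $val in
            *\"*|*\\*|*"$nl"*)
                echo "unsupported character in $var" >&2
                return 1 ;;
        esac
    done
    # Subshell keeps the umask change local. Removing any old file first
    # ensures the new one is created with mode 0600 rather than inheriting
    # wider permissions from a previous copy.
    (
        umask 077
        rm -f "$out"
        cat > "$out" <<EOF
githubAPIToken: "$GITHUB_API_TOKEN"
githubOrganization: "$GITHUB_ORGANIZATION"
githubTeam: "$GITHUB_TEAM"
EOF
    )
}
```

Call write_values values.yaml, pass the file to helm install with -f as in the command above, and delete it once the release is deployed.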
Etcd fallback cache
If github.com is unavailable, Github Authorized Keys can use a built-in etcd cluster as a fallback cache. The fallback cache is used only for SSH authentication.
WARNING: If you want to use the built-in fallback cache, you must install etcd-operator first. Use the following command to do this:
$ helm install stable/etcd-operator
To enable this feature you need to set true
Also you can specify size of the built-in etcd cluster by defining the
etcdTTL option to the number of seconds the cached data should be persisted before being expired and purged from the cache.
From a functional point of view, this is the time between the last successful login and the last guaranteed login (even if there is a problem with the connection to github.com).