Kerbernetes is a Kubernetes authentication service that integrates with Kerberos and LDAP for secure access control.
```mermaid
sequenceDiagram
    participant Client
    participant KDC as Kerberos KDC
    participant Kerbernetes as Kerbernetes API
    participant LDAP as LDAP Server
    participant Kubernetes as Kubernetes API Server
    Client->>KDC: kinit user@EXAMPLE.COM (request TGT)
    KDC-->>Client: TGT (Ticket Granting Ticket)
    Client->>KDC: Request Service Ticket for HTTP/kerbernetes.example.com
    KDC-->>Client: Service Ticket (TGS)
    Client->>Kerbernetes: HTTPS request with SPNEGO token
    Kerbernetes->>KDC: Validate SPNEGO ticket
    KDC-->>Kerbernetes: Ticket valid
    alt LDAP integration enabled
        Kerbernetes->>LDAP: Lookup user & groups
        LDAP-->>Kerbernetes: User info & groups
    end
    Kerbernetes->>Kubernetes: Map user/groups to RBAC roles
    Kubernetes-->>Kerbernetes: Authorization result
    Kerbernetes-->>Client: Response with auth token / access granted
```
- Kerberos-based authentication endpoint.
- LDAP integration for user and group management.
- Automatic reconciliation of Kubernetes RoleBindings and ClusterRoleBindings.
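The "HTTPS request with SPNEGO token" step in the flow above arrives as an `Authorization: Negotiate <base64>` header, and that header can also carry NTLM instead of Kerberos. The following is an added example, not Kerbernetes code: it goes slightly beyond the page by listing which mechanisms an initial Negotiate token names, so a proxy or log pipeline in front of a Kerberos-only endpoint can flag NTLM fallback. The function names are hypothetical and `sample_header` builds constructed input; it does not validate the ticket itself.

```python
import base64

SPNEGO = bytes.fromhex("2b0601050502")           # OID 1.3.6.1.5.5.2
KRB5 = bytes.fromhex("2a864886f712010202")       # OID 1.2.840.113554.1.2.2
MS_KRB5 = bytes.fromhex("2a864882f712010202")    # OID 1.2.840.48018.1.2.2
NTLM = bytes.fromhex("2b06010401823702020a")     # OID 1.3.6.1.4.1.311.2.2.10
MECHS = {KRB5: "kerberos5", MS_KRB5: "ms-kerberos5", NTLM: "ntlmssp"}

def read_tlv(buf, pos, want):  # -> (value, next_pos); checks tag and bounds
    tag, length = buf[pos:pos + 2]  # ValueError if fewer than two bytes remain
    pos += 2
    if length & 0x80:  # long form: low 7 bits count the length bytes
        n = length & 0x7F
        if not 1 <= n <= 4 or pos + n > len(buf):
            raise ValueError("bad DER length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if tag != want or pos + length > len(buf):
        raise ValueError("unexpected tag or length past end of buffer")
    return buf[pos:pos + length], pos + length

def offered_mechs(header_value):
    """Mechanism names carried by an initial 'Negotiate <base64>' header value."""
    scheme, _, b64 = header_value.strip().partition(" ")
    if scheme.lower() != "negotiate" or not b64.strip():
        raise ValueError("not a Negotiate header")
    token = base64.b64decode(b64.strip(), validate=True)
    if token.startswith(b"NTLMSSP\x00"):
        return ["ntlmssp"]                      # raw NTLM, no GSS-API framing
    body, _ = read_tlv(token, 0, 0x60)          # GSS-API InitialContextToken
    oid, pos = read_tlv(body, 0, 0x06)          # thisMech
    if oid != SPNEGO:
        return [MECHS.get(oid, "unknown")]      # bare mechanism token
    data = body[pos:]
    for tag in (0xA0, 0x30, 0xA0, 0x30):        # NegTokenInit > SEQUENCE > mechTypes > list
        data, _ = read_tlv(data, 0, tag)
    names, p = [], 0
    while p < len(data):
        oid, p = read_tlv(data, p, 0x06)
        names.append(MECHS.get(oid, "unknown"))
    return names

def kerberos_only(header_value):  # policy: refuse NTLM or unknown mechanisms
    mechs = offered_mechs(header_value)
    return bool(mechs) and all(m in ("kerberos5", "ms-kerberos5") for m in mechs)

def sample_header(*oids):  # constructed input: NegTokenInit with only mechTypes
    t = lambda tag, v: bytes([tag, len(v)]) + v  # short-form DER lengths only
    inner = t(0xA0, t(0x30, t(0xA0, t(0x30, b"".join(t(0x06, o) for o in oids)))))
    return "Negotiate " + base64.b64encode(t(0x60, t(0x06, SPNEGO) + inner)).decode()
```

Continuation tokens (NegTokenResp) do not start with the `0x60` tag and are rejected with `ValueError`, so apply the check to the first request of an exchange.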
See the Setup Guide for detailed instructions on how to set up Kerbernetes in your environment.
Kerbernetes can be deployed using Helm. The Helm chart is available on Artifact Hub.
```bash
helm repo add froz42 oci://ghcr.io/froz42/kerbernetes
helm install kerbernetes froz42/kerbernetes
```
Contributions are welcome! To contribute:
- Fork the repository.
- Create a new branch:
  ```bash
  git checkout -b feature-name
  ```
- Commit your changes following the conventional commit message format:
  ```bash
  git commit -m "feat: add new feature"
  ```
- Push to your branch:
  ```bash
  git push origin feature-name
  ```
- Open a pull request.
MIT License
Copyright (c) 2025 froz
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.