Seite wählen

NWS-ID for your Managed Kubernetes!

von | Mrz 29, 2023 | Web Services, DevOps & Container, Kubernetes

First Cloud, now Kubernetes – the integration of NWS-ID with our portfolio continues! As a next step, we will merge your Managed Kubernetes clusters with NWS-ID. Credit goes to Justin for extending our cluster stack with OpenID-Connect (OIDC), the base for NWS-ID!

How can you use your Kubernetes Cluster with NWS-ID?

All you need is kubelogin, a plugin for kubectl, and a customized kubeconfig, which can be downloaded in the NWS Customer Interface. But: this applies to newly started clusters only. Older installations need some action from you! Let’s go and see, what other scenarios there are!

If you have a cluster running with a Kubernetes v1.23 or greater, just enable NWS-ID in the Customer Interface. This will restart the kube-apiserver with some new parameters which will authenticate your requests against NWS-ID using OpenID-Connect.

For clusters in version v1.22 or less you need to update your cluster at least to v1.23 and enable NWS-ID in the Customer Interface. After your cluster is ready for NWS-ID you need to pimp your kubectl for OpenID-Connect.

kubectl and kubelogin

kubelogin is a plugin for kubectl, which enables authentication via OIDC. It is easily installed with brew, krew, choco or Github Releases as described in the official documentation. After the installation, just download your kubeconfig for NWS-ID from the Customer Interface and start using kubectl as usual!

If you have multiple Managed Kubernetes clusters it is easy to switch the context with kubectl config use-context MyCluster.

Permissions and Roles

If you’re not an admin in your organization, they must authorize your NWS-ID. This happens as usual in the user group management in the Customer Interface. As admin you can grant two different roles to your colleagues. Choose between admin and reader which will be mapped the to corresponding Kubernetes cluster role.

If you need some more detailed help, just have a look into our docs for User and Groups and Permissons.

What are the advantages of integrating our Managed Kubernetes with NWS-ID?

Combining these two services makes your daily work easier, because now you can:

  1. use a single login for the NWS Customer Interface, the Cloud Interface and your Kubernetes clusters
  2. effortless switch between your Managed Kubernetes clusters with a single kubeconfig
  3. use two-factor authentication for your Kubernetes clusters
  4. authorise your colleagues to access your clusters in the NWS-ID group management

What happens to the existing certificate authentication?

The authentication with the X509 client certificate is still available for everybody with the appropriate permissions in your organization.


Thanks again to Justin for expanding our Kubernetes stack! If you have any questions along the way, please feel free to contact us – we’re always there to help answer any open questions.

Achim Ledermüller
Achim Ledermüller
Senior Manager Cloud

Der Exil Regensburger kam 2012 zu NETWAYS, nachdem er dort sein Wirtschaftsinformatik Studium beendet hatte. In der Managed Services Abteilung ist er für den Betrieb und die Weiterentwicklung unserer Cloud-Plattform verantwortlich.
Mehr Beiträge zum Thema Web Services | DevOps & Container | Kubernetes

New at NWS: Managed OpenSearch

We’re happy to announce our brand new product Managed OpenSearch, which we are offering due to our new partnership with Eliatra Suite. Eliatra is your go-to company for OpenSearch, the Elastic Stack and Big Data Solutions based on specialised IT security knowledge....

Sommer, Sonne, Software – Rückblick CIVO NAVIGATE 2023

Anfang Februar durfte ich nach Tampa, Florida reisen, um auf der IT-Konferenz Civo Navigate zu sprechen, die in diesem Rahmen zum ersten Mal stattfand. Mit Beiträgen rund um Kubernetes, Edge Computing, Machine Learning, DevOps, GitOps, Observability, Security und...