Select Page

NWS-ID for your Managed Kubernetes!

by | Mar 29, 2023 | Web Services, Cloud Native, Kubernetes

First Cloud, now Kubernetes – the integration of NWS-ID with our portfolio continues! As a next step, we will merge your Managed Kubernetes clusters with NWS-ID. Credit goes to Justin for extending our cluster stack with OpenID-Connect (OIDC), the base for NWS-ID!

How can you use your Kubernetes Cluster with NWS-ID?

All you need is kubelogin, a plugin for kubectl, and a customized kubeconfig, which can be downloaded in the NWS Customer Interface. But: this applies to newly started clusters only. Older installations need some action from you! Let’s go and see, what other scenarios there are!

If you have a cluster running with a Kubernetes v1.23 or greater, just enable NWS-ID in the Customer Interface. This will restart the kube-apiserver with some new parameters which will authenticate your requests against NWS-ID using OpenID-Connect.

For clusters in version v1.22 or less you need to update your cluster at least to v1.23 and enable NWS-ID in the Customer Interface. After your cluster is ready for NWS-ID you need to pimp your kubectl for OpenID-Connect.

kubectl and kubelogin

kubelogin is a plugin for kubectl, which enables authentication via OIDC. It is easily installed with brew, krew, choco or Github Releases as described in the official documentation. After the installation, just download your kubeconfig for NWS-ID from the Customer Interface and start using kubectl as usual!

If you have multiple Managed Kubernetes clusters it is easy to switch the context with kubectl config use-context MyCluster.

Permissions and Roles

If you’re not an admin in your organization, they must authorize your NWS-ID. This happens as usual in the user group management in the Customer Interface. As admin you can grant two different roles to your colleagues. Choose between admin and reader which will be mapped the to corresponding Kubernetes cluster role.

If you need some more detailed help, just have a look into our docs for User and Groups and Permissons.

What are the advantages of integrating our Managed Kubernetes with NWS-ID?

Combining these two services makes your daily work easier, because now you can:

  1. use a single login for the NWS Customer Interface, the Cloud Interface and your Kubernetes clusters
  2. effortless switch between your Managed Kubernetes clusters with a single kubeconfig
  3. use two-factor authentication for your Kubernetes clusters
  4. authorise your colleagues to access your clusters in the NWS-ID group management

What happens to the existing certificate authentication?

The authentication with the X509 client certificate is still available for everybody with the appropriate permissions in your organization.


Thanks again to Justin for expanding our Kubernetes stack! If you have any questions along the way, please feel free to contact us – we’re always there to help answer any open questions.

Achim Ledermüller
Achim Ledermüller
Senior Manager Cloud

Der Exil Regensburger kam 2012 zu NETWAYS, nachdem er dort sein Wirtschaftsinformatik Studium beendet hatte. In der Managed Services Abteilung ist er für den Betrieb und die Weiterentwicklung unserer Cloud-Plattform verantwortlich.


Submit a Comment

Your email address will not be published. Required fields are marked *

More posts on the topic Web Services | Cloud Native | Kubernetes

CfgMgmtCamp 2024: Unser Rückblick

Vergangene Woche fuhr ein Teil unseres Teams bei NWS bis nach Ghent in Belgien, um am ConfigManagementCamp 2024 teilzunehmen. Hierbei handelt es sich um eine kostenlose Konferenz, direkt im Anschluss an die FOSDEM, was Jahr für Jahr für ein großes Publikum aus Fans...

Effektive Zugriffskontrolle für GitLab Pages

Grundlagen von GitLab Pages GitLab Pages sind eine facettenreiche Funktion, die es ermöglicht, statische Webseiten direkt aus einem GitLab-Repository heraus zu hosten. Diese Funktionalität eröffnet eine breite Palette von Anwendungsmöglichkeiten, von der Erstellung...