What is Easy OIDC?
Easy OIDC is a minimal OIDC provider that lets your team authenticate to Kubernetes clusters using their existing Google or GitHub accounts, and a simple configuration for mapping groups claims for easy RBAC.
Key Features
- Federated Authentication: Delegate authentication to Google or GitHub (no local passwords to manage)
- Kubernetes-Ready: Built specifically for Kubernetes RBAC with static group mappings
- Minimal Infrastructure: Single VM instance deployment with auto-managed TLS
- Secure by Default: PKCE-only flows, Ed25519 signing, automatic HTTPS via Let’s Encrypt
- Cloud-Native: Terraform/OpenTofu modules for AWS with GCP and Azure planned
- Open Source: Easy OIDC is released under the Apache License 2.0.
Why Easy OIDC?
vs. Static Certificates: OIDC tokens expire automatically and can be revoked. No more distributing kubeconfig files with long-lived credentials.
vs. Dex: Dex is excellent but more operationally complex. Easy OIDC is purpose-built for the simple case: federated auth with static group mappings.
Quick Start
- Set up an upstream OAuth provider (Google or GitHub)
- Deploy to AWS using our Terraform module
- Configure your Kubernetes cluster to use Easy OIDC
- Authenticate with kubelogin