Versions:
kubelogin is a kubectl plugin developed by int128 that streamlines Kubernetes OpenID Connect (OIDC) authentication, enabling users to authenticate against any OIDC-compliant identity provider before executing kubectl commands. Designed for cluster administrators, DevOps engineers, and developers who manage multi-cluster environments, the tool intercepts kubectl credential requests, launches the system’s default browser to complete an OIDC authorization code flow, and then caches the resulting tokens in the kubeconfig file or local keyring. This eliminates the need to distribute long-lived static tokens or embed client secrets in cluster configurations, thereby reducing credential leakage risk and simplifying compliance audits. Typical use cases include single sign-on to on-premises or managed Kubernetes services such as EKS, AKS, or GKE when the cluster’s API server is configured with the OIDC flags, automated CI/CD pipelines that must obtain short-lived tokens on every run, and enterprise scenarios where groups or role claims returned by an identity provider need to be mapped directly to Kubernetes RBAC. The plugin supports PKCE, refresh-token rotation, and multiple concurrent issuer configurations, allowing seamless switching between development, staging, and production contexts. Since its initial release, int128 has shipped eleven successive versions; the current stable release, version 1.36.0, refines token refresh logic and adds support for ARM64 Windows builds. kubelogin is classified under Development / Debugging & Diagnostics within the Kubernetes ecosystem and integrates transparently with existing kubectl workflows without requiring cluster-side changes. The software is available for free on get.nero.com, with downloads provided via trusted Windows package sources (e.g. winget), always delivering the latest version, and supporting batch installation of multiple applications.
Tags: