Infrastructure Access

Step-by-step guide to connecting to the Localghost VPN and Kubernetes cluster.

1. VPN Connection (Tailscale)

Install Tailscale: Download and install the Tailscale client from tailscale.com.

Connect to Localghost VPN: Open your terminal and run:

tailscale up --login-server https://vpn.localghost.com

2. SSH Access (Jumpbox)

Once the VPN is connected, you can access the Jumpbox via SSH. Authentication is handled automatically via Tailscale (OIDC).

ssh jumpbox.localghost.com

3. Kubernetes Access (kubectl + OIDC)

Follow these steps to configure kubectl on your local machine.

Install kubelogin: This plugin handles the OIDC login flow.

# macOS (Homebrew)
brew install int128/kubelogin/kubelogin

# Other platforms
# See: https://github.com/int128/kubelogin

Configure Kubeconfig: Create or update your ~/.kube/config with the following content:

apiVersion: v1
kind: Config
clusters:
- cluster:
    server: https://138.199.128.141:6443
    insecure-skip-tls-verify: true
  name: localghost
contexts:
- context:
    cluster: localghost
    user: authentik
  name: localghost
current-context: localghost
users:
- name: authentik
  user:
    exec:
      apiVersion: client.authentication.k8s.io/v1beta1
      command: kubectl
      args:
      - oidc-login
      - get-token
      - --oidc-issuer-url=https://auth.localghost.com/application/o/kubernetes/
      - --oidc-client-id=kubernetes
      - --oidc-extra-scope=email
      - --oidc-extra-scope=groups

Login and Verify: Run any kubectl command. Your browser will open to auth.localghost.com.

kubectl get nodes