Mirecloud — Production Engineering

How I Replaced Kubernetes Static Credentials with Zero Trust OIDC — A Real Production Story

From admin.conf sprawl to Keycloak SSO, group-based RBAC, and centralized audit logging on bare metal. Every step, every trap, every fix.

Emmanuel Catin • March 2026 • 15 min read

Kubernetes, Keycloak, OIDC, Zero Trust, RBAC, Security, DevOps, Bare Metal

Table of Contents
1. The Problem with Static Credentials
2. Architecture Overview
3. Authentication Flow
4. JWT Token Anatomy
5. Phase 1 — Keycloak Configuration
6. Phase 2 — Kubernetes API Server
7. Phase 3 — RBAC Authorization
8. Phase 4 — Developer Workstation Setup
9. Phase 5 — Headless Server (SSH Tunnel)
10. Phase 6 — Audit Logging & Grafana
11. Troubleshooting Reference
12. End-to-End Checklist
13. Key T...
Welcome to Emmanuel Steven's Blog! 🎯 Passionate about IT and new technologies, I share my expertise in DevOps, cloud infrastructure (AWS, Azure, Kubernetes), data analysis tools, and more. Whether you're a beginner or an experienced professional, this blog offers valuable resources to enhance your skills and optimize your projects.