Kubernetes Authentication and Authorization
Kubernetes authentication can take multiple forms. When designing your authentication strategy, take into account:
- How will users authenticate using kubectl?
- How will users access the dashboard?
- How will I control access to my Kubernetes cluster?
- How do I revoke access to Kubernetes?
The simplest way to answer all of these questions is using Unison or OpenUnison with OpenID Connect. OpenUnison provides a bridge for Kubernetes to any of the authentication mechanisms supported by Tremolo Security. Users can login to the Kubernetes Dashboard, use kubectl from the command line and when their session is over or they logout their token expires and becomes unusable. Tremolo Security makes Kubernetes authentication simple and transparent to your developers and operators.
Beyond Authentication – Kubernetes User Management
Once you have Kubernetes authentication working, how will you control access? Are you running a multi-tenant Kubernetes deployment? How will you manage the identity management controls of your compliance requirements? Tremolo Security has built an open source Kubernetes user manager that provides a single portal for:
- Kubernetes Authentication
- Requesting access to namespaces
- Viewing reports of access requests
- Creating namespaces using a self service identity driven workflow
Our CTO, Marc Boorshtein, demoed Tremolo Security’s project for Kubernetes user management at KubeCon 2017 in Austin, TX during his session on Identity Management and Compliance in Kubernetes.
Learn More About Tremolo Security and Kubernetes
You’ve seen how Tremolo Security can add enterprise authentication and user management to your Kubernetes cluster, so what’s next? The links below will take you to the Github project for our Kubernetes Identity Manager, videos and exmple guides to get you started. Feel free to open issues on Github or reach out on twitter to learn more about how Tremolo Security can help you secure your Kubernetes cluster.