Access to Kubernetes clusters in Amazon EKS is controlled by the AWS IAM Authenticator for Kubernetes. The authenticator runs on the EKS control plane and depends on the aws-auth ConfigMap for configuration settings. Every time you use kubectl to perform actions on the EKS cluster, the AWS IAM Authenticator generates an AWS Security Token Service (STS) token. Kubernetes uses the IAM authenticator service to verify the identity of the user specified in this security token.
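To make the token described above concrete, here is an added example (not code from the original article or from the aws-iam-authenticator project) that decodes an EKS bearer token for inspection. It relies on the aws-iam-authenticator token layout, the prefix `k8s-aws-v1.` followed by a base64url-encoded presigned STS `GetCallerIdentity` URL, which the page itself does not spell out. The sample token, key ID, host pattern and 900-second ceiling are constructed values or assumptions.

```python
import base64
import re
from urllib.parse import urlsplit, parse_qs, urlencode

PREFIX = "k8s-aws-v1."
# Assumption: only the commercial-partition STS hostnames are accepted here.
STS_HOST = re.compile(r"^sts(\.[a-z0-9-]+)?\.amazonaws\.com$")

def decode_eks_token(token):
    """Decode the presigned STS URL carried inside an EKS bearer token."""
    if not token.startswith(PREFIX):
        raise ValueError("missing k8s-aws-v1. prefix")
    body = token[len(PREFIX):]
    body += "=" * (-len(body) % 4)  # base64url padding is stripped in the token
    url = urlsplit(base64.urlsafe_b64decode(body).decode("utf-8"))
    q = {k: v[0] for k, v in parse_qs(url.query).items()}
    return {
        "scheme": url.scheme,
        "host": url.hostname or "",
        "action": q.get("Action"),
        "access_key_id": q.get("X-Amz-Credential", "").split("/")[0],
        "expires_s": int(q.get("X-Amz-Expires", "0")),
        "signed_headers": q.get("X-Amz-SignedHeaders", "").split(";"),
    }

def check_token(token, max_expires_s=900):  # assumption: 15-minute ceiling
    """Return a list of findings; an empty list means the token looks well-formed."""
    t, findings = decode_eks_token(token), []
    if t["scheme"] != "https" or not STS_HOST.match(t["host"]):
        findings.append("URL does not target an STS endpoint over https")
    if t["action"] != "GetCallerIdentity":
        findings.append("action is not GetCallerIdentity")
    if "x-k8s-aws-id" not in t["signed_headers"]:
        findings.append("cluster-id header x-k8s-aws-id is not signed")
    if not 0 < t["expires_s"] <= max_expires_s:
        findings.append("expiry outside accepted window")
    return findings

def make_sample_token(host="sts.us-east-1.amazonaws.com", signed="host;x-k8s-aws-id"):
    """Build a constructed, non-functional token (fake key ID, zeroed signature)."""
    params = {"Action": "GetCallerIdentity", "Version": "2011-06-15",
              "X-Amz-Algorithm": "AWS4-HMAC-SHA256",
              "X-Amz-Credential": "AKIAEXAMPLEKEY000000/20240101/us-east-1/sts/aws4_request",
              "X-Amz-Date": "20240101T000000Z", "X-Amz-Expires": "60",
              "X-Amz-SignedHeaders": signed, "X-Amz-Signature": "0" * 64}
    url = f"https://{host}/?" + urlencode(params)
    return PREFIX + base64.urlsafe_b64encode(url.encode()).decode().rstrip("=")

if __name__ == "__main__":
    print(decode_eks_token(make_sample_token()))
    print(check_token(make_sample_token(host="sts.example.net", signed="host")))
```

The cluster name travels as the value of the signed `x-k8s-aws-id` header rather than in the URL, so it cannot be read back from the token. A real token embeds a valid signature and should be handled as a short-lived credential.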
With Rancher, you get simple and flexible authentication plugins. These come with pre-built user authentication integration with GitHub, LDAP, and Active Directory. The Rancher auth proxy also integrates with other external authentication backends, including Keycloak, Ping Identity, and FreeIPA. Tying Rancher into an external auth system simplifies user and group access into the Kubernetes cluster. With the flexibility of these external plugins, you’re guarded against downtimes at the authentication provider level.
Rancher provides a Rancher authentication proxy that allows user authentication from a central location. With this proxy, you can set the credential for authenticating users that want to access your Kubernetes clusters. You can create, view, update, or delete users through Rancher’s UI and API.
Loft contains a Kubernetes API gateway that you can use to integrate multiple clusters into a Loft instance. Loft’s multi-tenancy feature also enables the API gateway to work as a single contact point for incoming API requests. The gateway handles Loft-specific commands and sends generic API calls to Kubernetes interfaces in the background.
Authentication helps control access to cluster resources by first verifying a user’s identity. In Kubernetes, the API server needs to verify the identity of every request it receives. Such requests may come from a program like a pod or from a human user. Since Kubernetes lacks a built-in feature for authenticating users, you’ll need to rely on auth providers for this service. Fortunately, the container orchestration platform accommodates a variety of authentication providers.
Among the options for auth providers is Dex, which relies on OpenID Connect to enable authentication for other applications. It’s a popular choice because it comes with connectors to allow user authentication against other third-party identity providers. Dex supports protocols such as Lightweight Directory Access Protocol (LDAP) and Security Assertion Markup Language (SAML) as well as platforms such as GitLab, Active Directory, and GitHub.