logging, externaldns,oauth2 #75

Open
ReSearchITEng opened this issue Sep 5, 2019 · 7 comments

ReSearchITEng commented Sep 5, 2019

see https://kubeprod.io/
for cli -> to evaluate: https://github.com/vmware-tanzu/pinniped/blob/main/doc/architecture.md

ReSearchITEng commented Sep 5, 2019

coolamiy commented Nov 6, 2020

Please assign this issue to me

ReSearchITEng commented

Thanks @coolamiy for looking into it.

coolamiy commented Nov 9, 2020

for oauth:

  1. we can use keycloak with freeipa or ldap server as the backend. this will also allow to add additional authentication and authorization mechanism to the cluster.
  2. dex with gangway (heptio)
  3. webhook authentication and authentication mechanism ..

I am done with the keycloak setup with ldap, github, twitter and google authentication mechanism.
working currently with dex with the custom auth endpoint which can also be used in the webhook auth/authz mechanism.

ReSearchITEng commented Nov 10, 2020

While not mandatory to use operators for now, it would be nice to have:
1.a. keycloak, the operator seems to be nice: https://github.com/keycloak/keycloak-operator (I did not try it, but it looks like a cleaner setup)
1.b. pg db for keycloak/ldap ? -> there is a pg opr as well: https://postgres-operator.readthedocs.io/en/latest/
In general, it looks cleaner and more flexible with OPRs

It would also be nice to see if we can have a demo freeipa/LDAP deployment at least for tests

coolamiy commented

With both operator or using helm both will apply keycloak with pg-sql as the backend which holds common settings if using federated ldap login.
if using operator for pg then can use cockroach db operator with cockroach db which is another pg implementation.

I will set up a cluster with LDAP and freeIPA so we can set up a meeting next week to go through the same.

ReSearchITEng commented

> if using operator for pg then can use cockroach db operator with cockroach db which is another pg implementation.

Yes, cockroachdb or yugadb. From what I read yuga promises 100% PG compatibility, while cockroachdb has small diffs apparently (https://www.cockroachlabs.com/docs/stable/postgresql-compatibility.html)
