Kubernetes authentication and authorization like OpenShift

1/5/2019

I am working on both Kubernetes and OpenShift. What I am missing in Kubernetes is the authentication and authorization mechanism that OpenShift has.

I want to manage users, limit users' access to namespaces, perform advanced RBAC operations, etc.

I saw some integration of OIDC using Google or GitHub, but it is very limited and not really OpenShift-like.

-- Nebrass Lamouchi
kubernetes
ldap
openid-connect
openshift
security

1 Answer

1/5/2019

> I saw some integration of OIDC using Google or Github, but it is very limited and not really OpenShift-like..

My understanding of "OpenShift-like" is that various identity providers can be configured simply by specifying parameters in the configuration file, and that various built-in authorization role sets are provided by default.

Personally, I think Kubernetes might be configured like OpenShift, but it seems to be a struggle to implement your needs simply. You have to manually configure the Kubernetes apiserver and define the roles you want or require based on RBAC. Yes, Kubernetes has these features, but it is not as easy to configure as OpenShift.

OpenShift is Enterprise Kubernetes + CI/CD + Support Services, so OpenShift is extended from basic Kubernetes. Additionally, it implements various convenient authentication and authorization features in a simple format, because it is not only container orchestration but also an enterprise solution.

-- Daein Park
Source: StackOverflow
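
The manual setup the answer describes, as an added example that is not part of the original question or answer: the kube-apiserver OIDC flags (shown as comments) and the RBAC objects that confine one identity-provider group to a single namespace. The issuer URL, client ID, namespace `team-a` and group `team-a-devs` are assumed placeholder values.

```yaml
# Added example; issuer URL, client ID, namespace and group names are assumed placeholders.
# kube-apiserver flags that enable OIDC authentication:
#   --oidc-issuer-url=https://idp.example.com
#   --oidc-client-id=kubernetes
#   --oidc-username-claim=email
#   --oidc-groups-claim=groups
#   --oidc-username-prefix=oidc:
#   --oidc-groups-prefix=oidc:
---
apiVersion: v1
kind: Namespace
metadata:
  name: team-a
---
# Namespaced Role: grants nothing outside team-a and omits Secrets and RBAC
# objects, so members cannot read credentials or widen their own access.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: developer
  namespace: team-a
rules:
  - apiGroups: ["", "apps"]
    resources: ["pods", "pods/log", "services", "configmaps", "deployments"]
    verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
---
# Bind the Role to a group from the ID token rather than to individual users,
# so membership is managed in the identity provider.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: team-a-developers
  namespace: team-a
subjects:
  - kind: Group
    name: "oidc:team-a-devs"   # groups claim value with --oidc-groups-prefix applied
    apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: Role
  name: developer
  apiGroup: rbac.authorization.k8s.io
```

The binding can be checked without a real login by impersonation: `kubectl auth can-i list pods -n team-a --as oidc:jane@example.com --as-group oidc:team-a-devs` should answer `yes`, and the same query with `-n default` or for `secrets` should answer `no` (the user name is a constructed value).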