Introduction

When migrating to a Kubernetes environment, it's important to ensure authorisation is set up appropriately across the Kubernetes environment itself as well as across any linked services. It would be unwise to give the key to your house to just anyone, and it's important to make sure anyone entering through any entrance of your house (Kubernetes cluster) is authenticated.

Who is this for?

This is intended for your Developers, Operations or DevOps teams.

What will we deliver?

Technical Specification

• Setting up an identity broker system (such as Keycloak or Okta) across your Kubernetes environments
• Support with linking the chosen identity broker with external OpenID Connect or SAML identity providers (such as Active Directory)
• Support with importing and mapping external identity provider groups and roles to chosen identity broker
• Extending existing enterprise authentication identities over to the Kubernetes environment (for example Two Factor Authentication)
• Expert consultancy provided for setting up Access Control Lists (ACLs) to align with Kubernetes best practices
• Advice in setting up self service ways of accessing clusters such as Gangway
• We help implement OIDC across applications which don't currently support this, avoiding the issue where x509 certificates continue to work until their TTL has expired

People-focused Specification

• Expose your team to authentication best practices across a Kubernetes environment
• Ease of access whilst developing various components of the Kubernetes cluster via SSO

What are the benefits for your Kubernetes environment?