Back To Schedule
Tuesday, May 21 • 14:50 - 15:25
Portable, Universal Single Sign-On for Your Clusters - Miguel Martinez, Bitnami

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Feedback form is now closed.
In order to enable Single Sign-On in your cluster you need to configure the Kubernetes API server. This is an issue if you are using services where the control plane is managed for you. Some managed services like GKE support SSO out of the box, but are not configurable. Others like AKS allow you to configure it, but only with Active Directory. These options might not fit some of your requirements such as using your company’s existing Identity provider, to use other protocols such as LDAP or SAML or when applications (e.g the Kubernetes Dashboard) need access to the API server.

In this session, I will present some workarounds that leverage other native AuthN/AuthZ mechanisms such as service accounts or impersonation via auth proxies. I will also demo how to use these methods to enable SSO for the Kubernetes dashboard that can be used across different managed and on-prem environments.

avatar for Miguel Martinez

Miguel Martinez

Senior Software Engineer, Bitnami
Miguel Martinez is a member of the engineering team at Bitnami and core contributor of the Helm and Monocular projects. He is currently working on Kubeapps, an open source application dashboard for Kubernetes. He loves Ruby, describes himself as a full stack engineer and complains... Read More →

Tuesday May 21, 2019 14:50 - 15:25 CEST
Hall 8.0 F1