kubeadm-playbook
logging, externaldns, oauth2
see https://kubeprod.io/ for cli -> to evaluate: https://github.com/vmware-tanzu/pinniped/blob/main/doc/architecture.md
oauth2 -> keycloak -> OpenLDAP https://daenney.github.io/2018/10/27/beyondcorp-at-home https://en.wikipedia.org/wiki/List_of_OAuth_providers
Please assign this issue to me
Thanks @coolamiy for looking into it.
for oauth:
- We can use keycloak with FreeIPA or an LDAP server as the backend. This will also allow adding additional authentication and authorization mechanisms to the cluster.
- dex with gangway (heptio)
- webhook authentication and authorization mechanism ..
I am done with the keycloak setup with LDAP, GitHub, Twitter and Google authentication mechanisms. Currently working with dex with the custom auth endpoint, which can also be used in the webhook auth/authz mechanism.
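The webhook auth/authz mechanism mentioned above, as an added example that is not part of the kubeadm-playbook project or this thread: a minimal Kubernetes authentication webhook handler that takes the TokenReview the kube-apiserver POSTs, validates the bearer token, and answers with the user and groups the cluster should see. The issuer, audience and shared secret are constructed for the example; it assumes HS256-signed tokens (Keycloak normally issues RS256 tokens, where only the signature step differs).

```python
# Added example, not kubeadm-playbook code: a Kubernetes TokenReview webhook
# handler. Assumptions: HS256 JWTs signed with a shared secret (constructed);
# a real IdP such as Keycloak would use RS256 and a published JWKS instead.
import base64, hmac, hashlib, json, time

ISSUER = "https://keycloak.example.internal/realms/k8s"   # constructed
AUDIENCE = "kubernetes"                                     # constructed
SECRET = b"constructed-shared-secret"                      # assumption, not a real key

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def mint_token(claims: dict) -> str:
    """Constructed issuer side, present only so the example runs offline."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64url(json.dumps(claims).encode())
    sig = hmac.new(SECRET, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{_b64url(sig)}"

def verify_token(token: str, now=None):
    """Return the claims only if signature, issuer, audience and expiry all check out."""
    try:
        header, body, sig = token.split(".")
        if json.loads(_b64url_decode(header)).get("alg") != "HS256":
            return None   # reject 'none' or any other unexpected algorithm
        expected = hmac.new(SECRET, f"{header}.{body}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _b64url_decode(sig)):
            return None   # constant-time comparison of the signature
        claims = json.loads(_b64url_decode(body))
    except ValueError:    # malformed base64, JSON or token structure
        return None
    now = time.time() if now is None else now
    if not isinstance(claims, dict) or claims.get("iss") != ISSUER or claims.get("aud") != AUDIENCE:
        return None
    if claims.get("exp", 0) <= now:
        return None
    return claims

def handle_token_review(review: dict) -> dict:
    """Build the TokenReview response the kube-apiserver expects from an authn webhook."""
    claims = verify_token(review.get("spec", {}).get("token", ""))
    status = {"authenticated": False}
    if claims:
        status = {"authenticated": True,
                  "user": {"username": claims["sub"], "groups": claims.get("groups", [])}}
    return {"apiVersion": "authentication.k8s.io/v1", "kind": "TokenReview", "status": status}
```

Serving this behind HTTPS and pointing the API server at it with --authentication-token-webhook-config-file is the wiring the thread refers to; the handler above is only the decision logic.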
While not mandatory to use operators for now, it would be nice to have:
1.a. keycloak, the operator seems to be nice: https://github.com/keycloak/keycloak-operator (I did not try it, but it looks like a cleaner setup)
1.b. pg db for keycloak/ldap ? -> there is a pg operator as well: https://postgres-operator.readthedocs.io/en/latest/
In general, it looks cleaner and more flexible with operators.
It would also be nice to see if we can have a demo freeipa/LDAP deployment at least for tests
With both operator or helm, both will apply keycloak with pg-sql as the backend, which holds common settings if using federated LDAP login. If using an operator for pg, then we can use the cockroach db operator with cockroach db, which is another pg implementation.
I will set up a cluster with LDAP and FreeIPA so we can set up a meeting next week to go through the same.
> if using an operator for pg then can use the cockroach db operator with cockroach db which is another pg implementation.
Yes, cockroachdb or yugadb. From what I read yuga promises 100% PG compatibility, while cockroachdb has small diffs apparently (https://www.cockroachlabs.com/docs/stable/postgresql-compatibility.html)