Feature request for multi-tenant support and integration with SSO, for example Azure AD
Since Flux supports multiple tenants, I would like to have a login via SSO where a user logging in can only see the namespace of the tenant(s) the user belongs to and its resources. A user can be assigned to 1 or more groups, where each group belongs to a tenant.
This would then allow or not allow certain actions to see or push via the Capacitor UI. If this can be done by linking the group to the K8s standard RBAC roles, that would be nice; I do not like the proprietary approach Argo took on the security of the users.
As you want to exceed ArgoCD, I would like to ask for this feature request. The above is a suggestion for the implementation, to set the context for the goal: to rely on the native k8s RBAC. Just as if a user would have kubectl permission/restriction, I would like to see the same for the UI.
Do you have Azure AD linked to Kubernetes RBAC in your idealized example, or are you manually assigning RBAC on the cluster?
Because OAuth2-proxy via OIDC in front of Capacitor could get you auth and the user's groups via the JWT. Whether those groups have anything useful RBAC-wise is another matter.
+1 for this feature. We're using Azure Kubernetes clusters with RBAC linked to Azure AD. It would be great to have a login where all permissions are inherited from the Azure AD groups.
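The group-to-namespace resolution discussed in the comments above, as an added example that is not part of the thread and is not Capacitor code. It assumes the group list comes from the `groups` claim of an ID token the proxy has already validated, and that UI actions (`view`, `sync`) map onto the built-in `view`/`edit`/`admin` ClusterRoles; the bindings and group identifiers are constructed placeholders.

```python
"""Resolve which tenant namespaces a user may see from IdP groups and RoleBindings."""

# Constructed sample data: group names stand in for Azure AD group object IDs
# as they would appear in the token's "groups" claim (placeholders, not real IDs).
ROLE_BINDINGS = [
    {"metadata": {"name": "tenant-a-viewers", "namespace": "tenant-a"},
     "roleRef": {"kind": "ClusterRole", "name": "view"},
     "subjects": [{"kind": "Group", "name": "group-id-tenant-a-dev"}]},
    {"metadata": {"name": "tenant-b-editors", "namespace": "tenant-b"},
     "roleRef": {"kind": "ClusterRole", "name": "edit"},
     "subjects": [{"kind": "Group", "name": "group-id-tenant-b-ops"},
                  # kind User with the same string: must NOT match a group claim
                  {"kind": "User", "name": "group-id-tenant-a-dev"}]},
    {"metadata": {"name": "tenant-c-viewers", "namespace": "tenant-c"},
     "roleRef": {"kind": "ClusterRole", "name": "view"},
     "subjects": [{"kind": "Group", "name": "group-id-tenant-c-dev"}]},
]

# Assumption: which built-in user-facing ClusterRoles permit each UI action.
ROLES_FOR_ACTION = {"view": {"view", "edit", "admin"}, "sync": {"edit", "admin"}}


def roles_by_namespace(groups, role_bindings):
    """Return {namespace: {role names}} granted through Group subjects only."""
    groups = set(groups)
    granted = {}
    for rb in role_bindings:
        matched = any(s.get("kind") == "Group" and s.get("name") in groups
                      for s in rb.get("subjects") or [])
        if matched:
            ns = rb["metadata"]["namespace"]
            granted.setdefault(ns, set()).add(rb["roleRef"]["name"])
    return granted


def allowed(groups, namespace, action, role_bindings=ROLE_BINDINGS):
    """Default deny: unknown actions and unbound namespaces are refused."""
    needed = ROLES_FOR_ACTION.get(action, set())
    have = roles_by_namespace(groups, role_bindings).get(namespace, set())
    return bool(have & needed)


def visible_namespaces(groups, role_bindings=ROLE_BINDINGS):
    """Namespaces the UI should list for a user holding these groups."""
    return sorted(ns for ns in roles_by_namespace(groups, role_bindings)
                  if allowed(groups, ns, "view", role_bindings))
```

This offline model only reads namespaced RoleBindings and role names; against a live cluster the same decision can be delegated to the API server with user impersonation or a SubjectAccessReview, so the UI and kubectl evaluate identical RBAC rules.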
Closing as development continues on the Capacitor Next code tree.