Kubernetes RBAC Integration
Integrating with Kubernetes RBAC
ScaleOps provides seamless integration with your current authentication and authorization process by leveraging OpenID Connect, OAuth2 ID Tokens, and native Kubernetes RBAC.
When integrating ScaleOps with your idenity provider, the platform uses the id token generated during the authentication flow and passes it securely to the Kubernetes API. The following diagram presents a high-level overview of the process:
Prerequisites
- Ensure your Kubernetes cluster is configured with RBAC
- Ensure your Kubernetes cluster is set up with OpenId Connect (AWS-EKS , Azure-AKS , GCP-GKE )
- Establish an Ingress setup that integrates with your OpenID Connect Provider
Setup
To enable ScaleOps to use the OpenID Connect ID Token, simply add the following flag --set useAuth=true to the Helm install command.
This configuration ensures that ScaleOps is set up to use the OpenID Connect ID Token as specified in the OAuth2 and OpenID Connect specifications.
Example:
helm repo update scaleops
helm upgrade --install --create-namespace -n scaleops-system \
--set scaleopsToken=<YOUR_SCALEOPS_TOKEN> \
--set clusterName=<CUSTOMER_NAME>-$(kubectl config current-context) \
--set useAuth=true \
scaleops scaleops/scaleopsAdvanced Setup
If your authentication framework uses a different header to set up the access token, you can specify the header to use by adding the following flag: --set useAuthHeader=HEADER_NAME.
Example:
helm repo update scaleops
helm upgrade --install --create-namespace -n scaleops-system \
--set scaleopsToken=<YOUR_SCALEOPS_TOKEN> \
--set clusterName=<CUSTOMER_NAME>-$(kubectl config current-context) \
--set useAuth=true \
--set useAuthHeader=<X-YOUR-CUSTOME-HEADER> \
scaleops scaleops/scaleops