OpenShift Commons Briefing #93: DevOps Identity Management for OpenShift with Marc Boorshtein (Tremolo Security)
September 7, 2017
OpenShift Commons Briefing Summary
In this briefing, Tremolo Security’s CTO, Marc Boorshtein, discussed best practices for securely creating OpenShift projects and managing access to those projects without manually creating accounts, policies, and bindings in OpenShift. Marc covered OpenShift’s options for managing access to projects and described the pitfalls you may run into in the modern enterprise. Marc explained how Tremolo's open source solution, OpenUnison, can give you a self-service portal for onboarding and managing access to projects and clusters. Marc also gave a demo of OpenUnison, running on OpenShift, providing:
SAML2 Authentication with the corporate identity provider
Self-service creation of projects via a request/approval workflow, including the creation of policies, bindings, and approval workflows
Self-service requests for roles in OpenShift projects
Self-service reporting for auditors and stakeholders
Learn More at the Next OpenShift Commons Gathering in Austin Dec 5th
Red Hatters, CNCF/Kubernetes project leads, and numerous other members of the OpenShift Commons will be gathering together in Austin for the upcoming OpenShift Commons Gathering, co-located with KubeCon at the Austin Convention Center. Register now to reserve your seat at this day-long event!
Don't forget to leave your feedback and suggestions for each video on YouTube or in the comments section below. This will be incredibly important to shape this Special Interest Group and create sessions that fit the demands of all the OpenShift developers in the community.
About OpenShift Commons
OpenShift Commons is the place for organizations that are part of the OpenShift community to connect with peers and other related open source technology communities to communicate and collaborate across all OpenShift projects and stakeholders.
The Commons' goal is to foster collaboration and communication between OpenShift stakeholders to drive success for all members, and expand & facilitate points of connection between members for sharing knowledge and experience to help drive success for the platform and for participants: customers, users, partners, and contributors.