Manage IAM

Note

The Container Cloud web UI communicates with Keycloak to authenticate users. Keycloak is exposed using HTTPS with self-signed TLS certificates that are not trusted by web browsers.

To use your own TLS certificates for Keycloak, refer to Configure TLS certificates for cluster applications.

• Manage user roles through Container Cloud API
  • Available IAM roles and use cases
    • IAM roles
    • Role use cases
  • Mapping of Keycloak roles to IAM*RoleBinding objects
    • Mapping of new-style Keycloak roles to IAM*RoleBinding objects
    • Mapping of old-style Keycloak roles to IAM*RoleBinding objects
    • Examples of mapping between Keycloak roles and IAM*RoleBinding objects
• Manage user roles through the Container Cloud web UI
• Manage user roles through Keycloak
  • Container Cloud roles and scopes
    • Old-style roles
    • New-style roles
    • Detailed role descriptions
  • Use cases
  • Access the Keycloak Admin Console
    • Obtain access credentials using the Container Cloud CLI
    • Obtain access credentials using kubectl
• Change passwords for IAM users
• Obtain MariaDB credentials for IAM