Identity and access management

Identity and access management (IAM) provides a central point of users and permissions management of the Mirantis Container Cloud cluster resources in a granular and unified manner. Also, IAM provides infrastructure for single sign-on user experience across all Container Cloud web portals.

IAM for Container Cloud consists of the following components:

Keycloak

• Provides the OpenID Connect endpoint

• Integrates with an external identity provider (IdP), for example, existing LDAP or Google Open Authorization (OAuth)

• Stores roles mapping for users

IAM controller

• Provides IAM API with data about Container Cloud projects

• Handles all role-based access control (RBAC) components in Kubernetes API

IAM API

Provides an abstraction API for creating user scopes and roles

• IAM API and CLI
• External identity provider integration
• Authentication and authorization
  • Implementation flow
  • Kubernetes CLI authentication flow