Identity and access management

Identity and access management (IAM) provides a central point of users and permissions management of a MOSK cluster resources in a granular and unified manner. Also, IAM provides infrastructure for single sign-on user experience across all MOSK web portals.

IAM for MOSK consists of the following components:

Keycloak

• Provides the OpenID Connect endpoint

• Integrates with an external identity provider (IdP), for example, existing LDAP or Google Open Authorization (OAuth)

• Stores roles mapping for users

IAM Controller

• Provides IAM API with data about MOSK projects

• Handles all role-based access control (RBAC) components in Kubernetes API

IAM API

Provides an abstraction API for creating user scopes and roles

• External identity provider integration
• Authentication and authorization
  • Implementation flow
  • Kubernetes CLI authentication flow

See also

IAM resources