Command-line
You can use Runops to manage access to any service that has a CLI
client. Such services include Kubernetes, AWS, GCP, app consoles like
Rails Console, Elixir IEx, and others.
Problems of CLI access control
Let’s take Kubernetes as an example.
You may want to grant developers or administrators access to your
Kubernetes clusters.
But managing Kubernetes Service Accounts is hard. RBAC is super
complex. Integrating these systems with Okta or another SSO provider takes
a lot of time and effort, let alone integrating roles.
How Runops solves it
Instead, you can add your clusters to Runops and manage user
permissions using our API that already integrates with your SSO
provider.
Besides a simpler interface to manage user roles for your cluster,
you get audit trails, PII redact, reviews, and the many other features
provided by Runops.
How it works
By installing Runops proxy, users can connect to your clusters natively,
just like they would do if they had direct access.
Runops transparently adds all its features. Users won’t notice that
SSO, audit, PII redact, and all other things are happening.
After setting up the proxy, here is how users can access your
cluster:
1. Sign in to Runops using the CLI
This is the standard Runops authentication process that uses your SSO
provider. A single authentication enables the user to connect to any of
the clusters they have access to.
    runops login
2. Connect
Once logged in, users can access the cluster with kubectl through the
Runops proxy command line. Creating an alias makes it transparent that
commands are going through Runops:
    # create alias
    alias kubectl='rproxy exec -c my-k8s-cluster --'
    # kubectl now points to the Runops proxy
    kubectl get pods -n my-namespace
Any kubectl call goes through Runops now. Requests only
work if the user is authenticated. When their JWT expires they have to
sign in again. There is no kubeconfig, no static credentials
distributed to users, no provisioning of users into multiple
clusters.
Runops simplifies and improves the security of managing access to
Kubernetes and any other CLI-based tool.
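The last step says no kubeconfig or static credentials are distributed to users. As an added example (not part of the Runops documentation or code), this shell function checks an existing kubeconfig for static credentials left over from direct access; the field names are the standard kubeconfig user keys, and the sample file, its user names and its values are constructed.

```shell
#!/bin/sh
# Added example (not Runops code): list static credentials left in a kubeconfig.

# Print "LINE:KEY" for every static credential field in kubeconfig $1.
# Exit status: 0 = found some, 1 = none, 2 = file not readable.
find_static_kube_creds() {
    [ -r "$1" ] || return 2
    # Standard kubeconfig user fields that hold long-lived secrets.
    # Comment lines do not match because the line must start with the key.
    hits=$(grep -nE '^[[:space:]-]*(token|password|client-key-data|client-key):[[:space:]]*[^[:space:]]' "$1") || return 1
    printf '%s\n' "$hits" | sed -E 's/^([0-9]+):[[:space:]-]*([a-z-]+):.*/\1:\2/'
}

# Constructed sample: one user with a static token and key, one user that
# relies on an exec plugin (no secret stored in the file).
write_sample_kubeconfig() {
    cat > "$1" <<'EOF'
apiVersion: v1
kind: Config
users:
- name: legacy-admin
  user:
    token: CONSTRUCTED-EXAMPLE-TOKEN
    client-key-data: Q09OU1RSVUNURUQ=
- name: sso-user
  user:
    exec:
      command: example-login-helper
      # token: commented out, not reported
EOF
}

# Stand-alone run: audit the file given as $1, or the sample if none is given.
if [ "${1:-}" != "" ]; then
    find_static_kube_creds "$1"
else
    sample=$(mktemp) && write_sample_kubeconfig "$sample"
    find_static_kube_creds "$sample"; rm -f "$sample"
fi
```

Pass the path of a kubeconfig as the first argument to audit a real file; with no argument the script runs on the constructed sample.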