Kubernetes

Kubernetes authentication, authorization, and automation

Authenticate to Kubernetes with (links to GitHub):

Secure Your ENTIRE Kubernetes Platform

OpenUnison + Orchestra take the work and wait out of securing Kubernetes, and add a layer of security to everything inside your cluster.

Reduce Infrastructure Costs

No need to add new hardware. Just a few clicks, and OpenUnison and Orchestra are ready to go.

Get Authorization Working Fast

Skip setting up separate applications to get authentication working with Kubernetes, and just enable it in OpenUnison instead.

Simple & Speedy Security

Short-lived tokens and quick one-click session revocation keep unwanted hands out of the cookie jar.

Easily Authorize New Users

Eliminate tedious, time-consuming command line tasks and authorize users in seconds from the dashboard.

Control Groups & Namespaces

Create your own groups and namespaces without waiting for anyone's approval.

Secure Kubernetes And Your Entire Cluster

OpenUnison and Orchestra take the work and wait out of securing Kubernetes.

Easily Authorize New Users

Skip hundreds of tedious, time-consuming tasks manually executed through the command line, and authorize users in seconds from the dashboard.

Reduce Infrastructure Costs

No additional databases, servers, or applications needed - just a few clicks in the dashboard, and OpenUnison and Orchestra are ready to go.

Get Authentication Working Fast

Skip setting up separate applications to get authentication working with Kubernetes, and just enable it in OpenUnison instead.

Control Groups and Namespaces

Create your own groups and namespaces that work with the identity data you already have access to, without waiting around for someone else’s approval.

Simple and Speedy Security

Keep unwelcome hands out of the cookie jar with short-lived tokens and quick one-click session revocation from right within the dashboard.

Orchestra Login Portal For Kubernetes

The Orchestra Login Portal is built on OpenUnison and supports all of the goals listed above. Orchestra deploys in minutes with no third-party database needed. It stores all session and user data in Kubernetes Custom Resources, so an individual session is easily revoked by deleting its object via kubectl. Finally, Orchestra provides easy integration with both kubectl and the dashboard by creating a single entry point for both.

Compare Orchestra To Other Leading Products

| Feature | Orchestra | Other product 1 | Other product 2 |
| --- | --- | --- | --- |
| Dashboard Integration | Built Right In | Requires Additional Reverse Proxy (i.e. OAuth2 Proxy) | Requires Additional Reverse Proxy (i.e. OAuth2 Proxy) |
| .kube/config Generation | One Click Set-Up | Requires Separate Application | Requires Separate Application |
| No Configuration kubectl Login | kubectl plugin | No | No |
| Integrate short lived tokens to dashboard and kubectl | Dashboard integration automatically refreshes tokens | Dependent on Reverse Proxy | Dependent on Reverse Proxy |
| No database required | No, all objects stored as Custom Resources | No, all objects stored in API Server | Yes (comes with H2) |
| Revoke Single User's Session | Yes | Yes | Yes |
| Trusting client certificates | Yes, when generating .kube/config | No, requires separate application | No, requires separate application |
| Supports "Logout" | Yes, ends access to Kubernetes both via kubectl and the Dashboard | No, cannot end a session early | Yes for kubectl, depends on dashboard reverse proxy implementation |
| Customizations | Kubernetes Objects / XML + Java | Go + YAML | GUI + Java |
| Automated Operator | Yes - Automate certificate management and rollover | Yes | Alpha |
| Supported Authentication Endpoints | LDAP/Active Directory, OpenID Connect, SAML2, GitHub, custom | LDAP/Active Directory, OpenID Connect, SAML2, GitHub | LDAP/Active Directory, OpenID Connect, SAML2 |
| Multi-Factor Authentication Support | TOTP (Google Authenticator), FIDO U2F, Symantec VIP, DUO, One-Time-Password, Certificate/X509/Smart Card | Alpha | TOTP |