Open RegisHubelia opened 1 year ago
with v1.2.0 we are looking to open up the embedded rancher for managing the local harvester cluster.
Once this is done. it may be possible via the embedded rancher: https://ranchermanager.docs.rancher.com/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-config/configure-okta-saml#configuring-okta-in-rancher
Thanks. That doesn't really protect the harvester ui itself tough, but let's see when it comes out.
with v1.2.0 we are looking to open up the embedded rancher for managing the local harvester cluster.
JFTR, the implementation for v1.2.0 was to introduce rancher-vcluster, which simplifies installation of an external rancher on an existing harvester cluster. For more details see the HEP at https://github.com/harvester/harvester/blob/master/enhancements/20230807-rancher-vcluster-addon.md and the documentation at https://docs.harvesterhci.io/v1.3/advanced/addons/rancher-vcluster/
We do not want to have to install a separate rancher just to use SSO for harvester. It just adds one more thing we now have to maintain. It would be much better option to allow an admin to enable an auth provider from the embedded rancher.
Is your enhancement related to a problem? Please describe. There doesn't seem to be a way to add other Authentication provider like Okta in Harvester.
Describe the solution you'd like I know we can use rancher, but it would be ideal if we can also add auth providers when connecting directly to the hosts/vip address.
Describe alternatives you've considered Forcing users to connect to harvester trough Rancher - but not ideal.