You can use Runops to manage access to any service that has a CLI client. Such services include Kubernetes, AWS, GCP, app consoles like Rails Console, Elixir IEx, and others.
Problems of CLI access control
Let's take Kuberentes as an example.
You may want to grant developers or administrators access to your Kubernetes clusters.
But managing Kubernetes Service Accounts is hard. RBAC is super complex. Integrating these systems with Okta or other SSO provider takes a lot of time and effort. Let alone integrating roles.
How Runops solves it
Instead, you can add your clusters to Runops and manage users permissions using our API that already integrates with your SSO provider.
Besides an simpler interface to manage users roles for your cluster, you get audit trails, PII redact, reviews, and the many other features provided by Runops.
How it works
By installing Runops proxy, users can connect to your clusters natively, just like they would do if they had direct access.
Runops transparently add all it's features. Users won't notice that SSO, audit, PII redact, and all other things are heppening.
After setting up the proxy, here is how users can access your cluster:
1. Sign-in to Runops using the CLI
This is the standard Runops authentication process that uses you SSO provider. A single authentication enables the user to connect to any of the clusters they have access.
Once logged in, users can access the cluster with
kubectl trough the Runops proxy command-line. Creating an alias makes it transparent that commands are going trough Runops:
# create alias
alias kubectl='rproxy exec -c my-k8s-cluster --'
# kubectl now points to the Runops proxy
kubectl get pods -n my-namespace
kubectl call goes trough Runops now. Requests only work if the user is authenticated. When their JWT expire they have to sign-in again. There is no kubeconfig, not static credentials distributed to users, no provisioning of users into multiple clusters.
Runops simplifies and improves the security of managin access to Kubernetes and any other CLI-based tool.