Log in with Username and Password
By default, you can log in to Kommander with the credentials given by the following command to access the Username and Password stored on the cluster:
kubectl -n kommander get secret dkp-credentials -o go-template='Username: {{.data.username|base64decode}}{{ "\n"}}Password: {{.data.password|base64decode}}{{ "\n"}}'
You can retrieve it anytime using the same command.
You should only use these static credentials to access the DKP UI for configuring an external identity provider. Since there is no way to update static credentials, you should treat them as backup credentials and not use them for normal access. Always log in with your own identity from external identity providers that provide additional security features like Multi-Factor Authentication.
You can perform the following operations on Identity Providers:
Identity Providers
To provide simple access for the users of your organization, you can set up Identity Providers.
Currently, Kommander supports GitHub, LDAP, any standard SAML provider such as OneLogin, and any standard OIDC provider such as Google.
You can configure as many Identity Providers as you like. Users can then select any of those methods when logging in.
Limit who has access
-
The GitHub provider allows you to specify which organizations and teams are eligible for access.
-
The LDAP provider allows you to configure search filters for either users or groups.
-
The OIDC provider cannot limit users based on identity.
-
The SAML provider allows users to log in using a single sign-on (SSO) profile.
Configure an identity provider via the DKP UI
-
From the top menu bar, select the Global workspace.
-
Select Identity Providers in the Administration section of the sidebar menu.
-
Select the Identity Providers tab, and then select the + Add Identity Provider button.
-
Select an identity provider and complete the form field with the relevant details.
-
Select Save to create your Identity Provider.
Temporarily disabling a provider
Select the three dot button on the Identity Providers table and select Disable from the drop-down menu. The provider option no longer appears on the login screen.
Groups
With groups, you can define segments of users within your connected identity provider. These groups can then be used to configure access to various workspaces, projects and other resources via role bindings.
-
After clicking on the Groups tab Begin by selecting the Create Group button, which will direct you to the Create Group form.
-
Name your group.
-
Add one or more users or groups of users that exist within your identity provider already. At least one identity provider group or user is required to save your group.
-
Select Save to create your Group.
Once a group is created, it can be used within Access Control to create role bindings with RBAC roles that define access to resources.