I work at a company that provides a SaaS platform for running Kubernetes clusters across edge, private and public clouds, and IAM for cloud infrastructure is a massive issue. My team and I have spent significant amounts of time digging into this issue and connected with infra over 12 months ago. This as a two layer problem; provide consistency across clouds for DevOps and platform teams, and ease of use for users.
Infra is solving this very complex issue by addressing both and I like the approach the team has taken.
Simplifying IAM for platform teams whilst importantly maintaining native controls such as RBAC with multiple clusters using a single distribution of Kubernetes is crucial. Any layer on top of Kubernetes RBAC makes it impossible to remain open and portable. Solving this across different clouds, be it the hyperscale providers or any on-prem DIY, is even more complex, OIDC is one example.
Further, issues arise when you want to provide developers self-service access to clusters. Current in-market options are limited or require separate tools for separate clouds, AWS IAM for example, or result in further in-house/DIY development.
Infra is solving this very complex issue by addressing both and I like the approach the team has taken.
Simplifying IAM for platform teams whilst importantly maintaining native controls such as RBAC with multiple clusters using a single distribution of Kubernetes is crucial. Any layer on top of Kubernetes RBAC makes it impossible to remain open and portable. Solving this across different clouds, be it the hyperscale providers or any on-prem DIY, is even more complex, OIDC is one example.
Further, issues arise when you want to provide developers self-service access to clusters. Current in-market options are limited or require separate tools for separate clouds, AWS IAM for example, or result in further in-house/DIY development.
Can't wait to see where this goes next.