Release Notes

Minor Version: 1.0.0

Features and Enhancements

First Release

  • Independent cluster authentication service

    • Provides an independent authentication integration capability for global cluster failure scenarios
    • Ensures users can still log in to access and operate Kubernetes clusters when the global cluster is unavailable
    • Keeps user permissions consistent with the state before the global cluster failure (group permissions not supported)
  • Support for multiple identity providers (IDP)

    • LDAP: Supports integration with LDAP/Active Directory, including configurable user search and attribute mapping
    • OIDC: Supports integration with OIDC identity providers, including scopes and claim mapping (email, username, groups)
    • Uses Connector Custom Resources (CRs) in the cpaas-system namespace to manage IDP configurations
  • AC CLI integration

    • Supports authentication and login to workload clusters via the AC CLI (version >= 1.1)
    • Provides CLI parameters for choosing the IDP (--idp), the authentication type (--auth-type ldap|oidc), and workload cluster login (--workload)
  • ACP integration and deployment

    • Delivered as an Alauda Container Platform Cluster Authentication plugin package
    • Supports installation via the ACP web console and CLI
    • Uses ModuleInfo resources to install the plugin to target clusters (with .spec.version set to v1.0.0)

Known Limitations

  • Group permissions are not supported; only user-level permissions are maintained after global cluster failure.