Access Management

For in-cluster access management, the prokube platform uses role-based access control (RBAC) for most services. All possible roles are already configured in the prokube realm.

Realms

A realm is a fundamental organizational unit that serves as a boundary for managing a set of users, roles, clients (most likely applications), and other resources. Each realm operates in isolation, ensuring users and configuration within one realm do not interfere with those in another realm. It's particularly useful for enterprise use cases and large organizations since it allows admin privileges at the realm level instead of system-wide admin privileges.

prokube Realm

By default, the prokube platform comes with the master and prokube realms. All services are already connected to the prokube realm and are therefore ready to use. The master realm is used to give administrators the ability to create and manage realms. The in-realm configuration is authorized through realm roles and requires no access to the master realm.

prokube recommends reducing the number of users in the master realm as much as possible. Two or three admin users are more than enough since all in-realm configuration can be done by users within the realm.

The master admin user is meant to be used to create the first group of admin users. There is no need to configure anything else using the master admin user.

Furthermore, there are already two groups configured. One contains all realm roles required for user access to the cluster, and one for admin access.

Keycloak roles

In the prokube platform, stick to the role-based access control pattern. Keycloak can implement a variety of other access control patterns and even extend them, but prokube advises using Keycloak as described in this documentation.
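One way to check a deployment against the master-realm recommendation and the group-based role model described above is to audit Keycloak realm exports. This is an added example, not prokube's own tooling: the usernames, group paths and role names are constructed placeholders, and treating roles assigned to a user outside the groups as a finding is an assumption of this example.

```python
"""Audit Keycloak realm exports against the guidance above (added example)."""
MASTER_USER_LIMIT = 3  # "Two or three admin users are more than enough"

# Constructed sample shaped like Keycloak realm exports that include users.
# Usernames, group paths and role names are placeholders, not prokube's own.
SAMPLE_EXPORTS = [
    {"realm": "master",
     "users": [{"username": n, "enabled": True} for n in ("adm1", "adm2", "adm3", "adm4")]
              + [{"username": "old-admin", "enabled": False}]},
    {"realm": "prokube",
     "groups": [{"path": "/example-users", "realmRoles": ["example-user-role"]},
                {"path": "/example-admins", "realmRoles": ["example-admin-role"]}],
     "users": [
         {"username": "alice", "enabled": True, "groups": ["/example-users"],
          "realmRoles": ["default-roles-prokube"]},
         {"username": "bob", "enabled": True, "groups": ["/example-users"],
          "realmRoles": ["default-roles-prokube", "example-admin-role"]},
         {"username": "service-account-ci", "enabled": True,
          "serviceAccountClientId": "ci", "realmRoles": ["example-admin-role"]}]},
]


def audit(exports, limit=MASTER_USER_LIMIT):
    """Return (check, realm, detail) findings for a list of realm exports."""
    findings = []
    for realm in exports:
        name = realm["realm"]
        # Only enabled human accounts count; service accounts belong to clients.
        users = [u for u in realm.get("users", [])
                 if u.get("enabled", True) and "serviceAccountClientId" not in u]
        if name == "master":
            if len(users) > limit:
                findings.append(("master-user-count", name,
                                 tuple(sorted(u["username"] for u in users))))
            continue
        # Roles each top-level group grants (nested subGroups are not walked here).
        granted = {g["path"]: set(g.get("realmRoles", []))
                   for g in realm.get("groups", [])}
        for u in users:
            via_groups = set().union(*(granted.get(p, set()) for p in u.get("groups", [])))
            direct = set(u.get("realmRoles", [])) - via_groups - {f"default-roles-{name}"}
            if direct:  # role assigned to the user directly, bypassing the groups
                findings.append(("direct-role", name, (u["username"], *sorted(direct))))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_EXPORTS):
        print(finding)
```

Run it over the exports of both realms; an empty result means the master realm is within the limit and every realm role in the other realm is held through a group.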


Authentication Flow

It is possible to customize the Authentication Flow. Please refer to the Keycloak Documentation for further insights.