Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Updates AzureAD to Entra ID #87

Draft
wants to merge 2 commits into
base: main
Choose a base branch
from
Draft

Updates AzureAD to Entra ID #87

Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
2008502
Update and rename README.md to README.md
brstuder Aug 1, 2023
ac6d409
Merge branch 'main' into entraid
srpomeroy Dec 6, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
16 changes: 8 additions & 8 deletions saml-azuread/README.md → saml-entraid/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,33 +1,33 @@
# Kubecost SSO and RBAC - AzureAD Integration
# Kubecost SSO and RBAC - Azure Entra ID Integration

![Enterprise Subscription Required](./images/kubecost-enterprise.png)

## Overview

Kubecost supports SAML 2.0 providers for:

1. Single sign on (SSO)
1. Role Based Access Control (RBAC): controlling read-only or admin access to Kubecost configuration within the UI (optional)
1. Single sign-on (SSO)
1. Role-based access control (RBAC): controlling read-only or admin access to Kubecost configuration within the UI (optional)
1. Filtering namespaces and clusters based on group membership (optional)

This guide uses Azure Active Directory (AzureAD) as an example, but the concepts apply to other providers as well.
This guide uses Azure Entra ID (formerly called Azure AD) as an example, but the concepts apply to other providers as well.

## Requirements

Both SSO and RBAC require an Enterprise Subscription.
Both SSO and RBAC require a Kubecost Enterprise plan.

We recommend using our [helm chart](https://github.com/kubecost/cost-analyzer-helm-chart) to install Kubecost.
We recommend using our [Helm chart](https://github.com/kubecost/cost-analyzer-helm-chart) to install Kubecost.

## Assistance and Feedback

We are looking for any feedback you may have on these functions and we are here to help!. Please don't hesitate to contact us via our [Slack community](https://join.slack.com/t/kubecost/shared_invite/enQtNTA2MjQ1NDUyODE5LWFjYzIzNWE4MDkzMmUyZGU4NjkwMzMyMjIyM2E0NGNmYjExZjBiNjk1YzY5ZDI0ZTNhZDg4NjlkMGRkYzFlZTU) - check out #support for any help you may need & drop your introduction in the #general channel.
We are looking for any feedback you may have on these functions and we are here to help!. Please don't hesitate to contact us via our [Slack community](https://kubecost.slack.com/ssb/redirect). Check out #support for any help you may need and drop your introduction in #general.

## AzureAD Configuration

### Create an Enterprise Application in AzureAD for Kubecost (SSO)

1. Go to Azure Active Directory in the [Azure Portal](https://portal.azure.com/#view/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/~/Overview) and select `Manage > Enterprise Application` and select `+ New Application`
1. On the "Browse Azure AD Gallery" page select `+ Create your own application` and select `Create`
1. On the "Browse EntraID Gallery" page select `+ Create your own application` and select `Create`

### Configuring your AzureAD Enterprise Application

Expand Down