Authentication in PMK

PMK provides a layer of multi-tenancy on top of Kubernetes, so that you and members of your organization can collaborate and utilize multiple Kubernetes clusters across different teams and geographical regions.

Read more about PMK multitenancy here

PMK achieves the multitenancy using an open source component called Keystone. Each deployment of PMK comes with an instance of Keystone, deployed in the PMK Management Plane.

Configure Authentication for a Cluster

When your PMK deployment is first created, a new user account with Administrator privileges is created in Keystone within the ‘service’ tenant for an authorized user provided by you. If you signup for PMK Free Tier, a new user account with Administrator privileges is created in the ‘service’ tenant in Keystone using your registered email address and password.

The Administrator user can then invite more users to the PMK deployment by adding them to PMK using the UI or API. This operation adds the users to Keystone with the appropriate role.

Configure External Access

You can configure external clients such as kubectl to work with your PMK cluster by downloading the kubeconfig file for that cluster. Follow these tutorials to learn more about this topic:

  • [What is kubeconfig]
  • [Download kubecofig via PMK UI]
  • [Download kubeconfig via PMK REST API]
  • [Run kubectl]