Is it possible in flyte in helm with kubernetes to set polic Flyte #flyte-support

Is it possible in flyte (in helm with kubernetes) ...

fast-salesclerk-89694

01/23/2025, 3:03 PM

Is it possible in flyte (in helm with kubernetes) to set policies for which group (from keycloak) sso) it is allowed to have how many ressources and which groups are allowed to only use flyte?

fast-salesclerk-89694

01/23/2025, 3:08 PM

Can i do it in the helm values with?:

Copy code

configmap:
  adminServer:
    security:
      authorization:
        policies:
          - match:
              group: "allowed-group" # Replace with the Keycloak group name
            allow: true
          - match:
              group: "*"
            allow: false

average-finland-92144

01/23/2025, 3:36 PM

RBAC is not available in OSS Flyte, among other reasons, one could see how almost every organization and IdP would require a different implementation. The closest is this community proposal to have an authz interceptor that could extract project/domain and isolate a user in that context. RBAC is available on the Flyte-powered Union platform

freezing-airport-6809

01/26/2025, 6:16 PM

@acoustic-parrot-22802 you can use union - Union has all of this built in

acoustic-parrot-22802

01/26/2025, 6:31 PM

@freezing-airport-6809 sorry, I didn't get you

freezing-airport-6809

01/27/2025, 1:52 AM

@acoustic-parrot-22802 I mean, Union has RBAC, auth, and many other things pre-built

acoustic-parrot-22802

01/27/2025, 6:49 AM

can you please share an example/document for reference

freezing-airport-6809

01/27/2025, 7:14 AM

https://docs.union.ai/byoc/user-guide/administration/user-management

2 Views

Open in Slack

Previous Next