In large cluster environments with hundreds of users, each with their own permissions, access management is often hard to apply consistently. Common approaches are using a corporate PKI to issue individual client certificates, or adding an authentication webhook. Another way is having the API server verify signed JWTs issued by an OpenID Connect provider, which is well suited to companies that already run a directory service (such as Active Directory or OpenLDAP).
In this talk, ÖBB and WhizUs will demonstrate a real-life example of how we manage multiple Kubernetes clusters across multiple projects with hundreds of users by connecting the clusters to the company's Active Directory through Keycloak, which issues the JWTs the clusters validate.
Participants will learn how to configure and operate multiple, including larger, Kubernetes clusters with centralized user and rights management. In particular, best practices, open-source solutions and common enterprise setups will be presented.
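The three configuration pieces that implement the OIDC approach described above, shown here as an added example that is not part of the talk and not ÖBB's or WhizUs's own setup. The Keycloak issuer URL and realm, the client ID, the CA file path and the group name are assumptions; the kubeconfig entry uses the open-source kubelogin plugin (`kubectl oidc-login`) to obtain the ID token, and it is assumed that the Keycloak client has a Group Membership mapper that puts plain AD group names into a `groups` claim.

```yaml
# 1. kube-apiserver: fragment of the static Pod manifest's `command:` list.
#    Existing flags are omitted; only the OIDC flags are shown.
#    Hypothetical values: issuer URL, client ID and CA path are assumptions.
- --oidc-issuer-url=https://keycloak.example.com/realms/corp
- --oidc-client-id=kubernetes
- --oidc-ca-file=/etc/kubernetes/pki/keycloak-ca.crt
- --oidc-username-claim=preferred_username
- --oidc-username-prefix=oidc:
- --oidc-groups-claim=groups
- --oidc-groups-prefix=oidc:
---
# 2. RBAC: an AD group (exposed by Keycloak in the `groups` claim) gets
#    cluster-wide read-only access. The subject name carries the prefix set
#    above, so a group coming from the directory can never collide with a
#    built-in group such as system:masters.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: ad-platform-viewers   # hypothetical binding name
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: view
subjects:
- apiGroup: rbac.authorization.k8s.io
  kind: Group
  name: oidc:platform-viewers   # hypothetical AD group name, as emitted by Keycloak
---
# 3. kubeconfig user entry: kubectl runs the kubelogin exec plugin, which
#    performs the browser login against Keycloak, caches the ID token and
#    refreshes it when it expires. Keycloak then never sees the cluster, and
#    the cluster never sees the user's directory password.
apiVersion: v1
kind: Config
users:
- name: keycloak-user
  user:
    exec:
      apiVersion: client.authentication.k8s.io/v1beta1
      command: kubectl
      args:
      - oidc-login
      - get-token
      - --oidc-issuer-url=https://keycloak.example.com/realms/corp
      - --oidc-client-id=kubernetes
      interactiveMode: IfAvailable
```

With this in place the API server verifies each token's signature against the keys the issuer publishes, checks the `iss`, `aud` (must equal the client ID) and `exp` claims, and maps `preferred_username` and `groups` to the prefixed subject names that RBAC evaluates. It performs no revocation check on the token, so keep the token lifetime in Keycloak short; a group change in Active Directory only reaches the cluster when the user's next token is issued.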