Hi, I’m Sidhartha Mani, one of the engineers here @Rancher_Labs, and
I’ve been working on the user management functionality in Rancher. This
week, we released support for GitHub OAuth. I’m very excited about this,
because it allows organizations to connect their GitHub org structures
to Docker and collaborate on management. In this blog post I’ll show you
how to set up GitHub OAuth on Rancher for your organization.
- Rancher-Auth 2-minute setup.
- How do we do authentication?
- What’s planned for the future?
Rancher Auth 2-minute Setup
Here’s a short video explaining the setup of GitHub OAuth on Rancher.
How do we do authentication?
GitHub is free and easy to use. A wide spectrum of organizations, from
large corporations to small startups, display their open source might
using GitHub. In order to make it easy for our users to use our product,
we built our authentication feature based on GitHub OAuth. GitHub OAuth
provides capabilities such as:
- GitHub organizational structure reflects the access control
  structure that organizations wish for.
  - GitHub organizations consist of teams, and teams consist of
    repositories. Rancher allows one to create access controls based
    on these structures.
    - For example, if you wanted the resources of one of your
      projects to be controlled by a limited set of people (say
      the members of a single team within your organization), it
      is easy to set up a Rancher project just for that team. The
      team members would then be able to add/delete/edit the
      resources that belong to them.
  - Additionally, GitHub allows one to configure auth based on users
    and organizations. Rancher leverages the flexibility of these
    structures as well.
    - For example, if you wanted the resources to be constrained
      to just one user, you could create a Rancher project and set
      the scope to user.
    - Similarly, you could set the scope to “organization” level
      and all the members of your organization would be able to
      access the resources of the project.
- The setup, maintenance and usage of GitHub auth is simple.
  - Since Rancher doesn’t maintain passwords or complex mappings,
    the implementation is safe, secure, simple and robust.
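The three project scopes described above (user, team, organization) can be modelled as a check of the logged-in GitHub identity against the project's owner. This is an added example, not Rancher's code: `GitHubIdentity`, `Project`, `can_access` and all sample names are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class GitHubIdentity:
    """Identity facts after a GitHub OAuth login (constructed shape)."""
    login: str
    orgs: frozenset = frozenset()    # organization names
    teams: frozenset = frozenset()   # (org, team_slug) pairs

@dataclass(frozen=True)
class Project:
    name: str
    scope: str     # "user", "team" or "organization"
    owner: tuple   # ("alice",), ("acme", "ops") or ("acme",)

def _norm(value):
    # GitHub logins and organization names are case-insensitive.
    return value.strip().lower()

def can_access(identity, project):
    """All-or-nothing membership check; unknown scopes are denied."""
    owner = tuple(_norm(part) for part in project.owner)
    if project.scope == "user" and len(owner) == 1:
        return _norm(identity.login) == owner[0]
    if project.scope == "organization" and len(owner) == 1:
        return owner[0] in {_norm(o) for o in identity.orgs}
    if project.scope == "team" and len(owner) == 2:
        # Team slugs are unique only inside one organization, so compare
        # the (org, team) pair rather than the team name alone.
        return owner in {(_norm(o), _norm(t)) for o, t in identity.teams}
    return False

# Constructed sample identities and projects.
ALICE = GitHubIdentity("Alice", frozenset({"acme"}), frozenset({("acme", "ops")}))
BOB = GitHubIdentity("bob", frozenset({"acme"}), frozenset({("acme", "web")}))
MALLORY = GitHubIdentity("mallory", frozenset({"other"}), frozenset({("other", "ops")}))

OPS = Project("ops-env", "team", ("acme", "ops"))
SHARED = Project("shared-env", "organization", ("acme",))
SANDBOX = Project("alice-sandbox", "user", ("alice",))

if __name__ == "__main__":
    for person in (ALICE, BOB, MALLORY):
        allowed = [p.name for p in (OPS, SHARED, SANDBOX) if can_access(person, p)]
        print(person.login, "->", allowed)
```

The check returns only allow or deny, so it cannot express read-only versus write access within a scope.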
What’s planned for the future?
We’re working on a couple things. First, we’ll be adding support for
projects. Basically these are Docker environments that can be shared
between groups of users. Project support will be coming out in late
February (This is now available: Blog).
Second, GitHub OAuth doesn’t provide fine-grained access controls such
as providing read-only access to a subset of people in the organization
or write access to another subset of people in the organization. Such
complex access control can be provided with LDAP. LDAP can be expected
in near-future versions of Rancher. If at any point you’d like to
learn more about Rancher, please request a 1:1 demonstration, and we’ll
be happy to answer all of your questions.