The Kubernetes API server can trust an OIDC provider to authenticate users. We recommend that you work with your Kubernetes administrator and security team when you configure this integration. The exact steps vary by infrastructure provider and Kubernetes platform, such as AWS EKS, Azure AKS, or Google GKE.
PaletteAI supports Kubernetes User Impersonation. User impersonation is a feature that allows a user to impersonate another user. This is useful for scenarios where you are unable to configure the Kubernetes API server to trust the Dex as an OpenID Connect (OIDC) provider. Through the user impersonation feature, you can continue to use your existing OIDC provider or local Dex users, the key part is to ensure that proper group mappings are configured so that the user has the correct permissions to access the resources they need.
This guide covers installing PaletteAI on self-managed Kubernetes clusters where you have full control over the API server configuration. The deployment uses the hub-as-spoke pattern with Zot as the Open Container Initiative (OCI) registry. Use this guide if installing PaletteAI on: