Although Kubernetes resources are best managed using infrastructure-as-code (IaC), it’s sometimes useful to be able to interact with the cluster directly – whether that’s for diagnostics or other purposes. However, as with any other access, it’s best to grant such access only when needed and to let it auto-expire when it’s no longer required.
Managing access to Google Cloud resources at scale is difficult without groups. But passing group memberships from Entra ID to Google Cloud comes with its own set of challenges, and a better option is to use App roles.
With Privileged Access Manager in public preview now, there’s little reason to maintain an open-source project that largely provides the same capabilities. But that doesn’t mean JIT Access is going away – instead, the project is changing focus, and its name too.
To implement role-based access control to Google Cloud resources, it’s often useful to create a set of groups, where each group represents a role for a certain set of resources. But how can we automate the management of these groups, without granting our automation too much access?