TL;DR
- OpenUnison 1.0.23 is available
- Add applications, authentication changes, and more with custom resources
- Direct Istio support
OpenUnison 1.0.23
Today, OpenUnison 1.0.23 is available! The biggest part of this release is that OpenUnison can now read application configuration directly from a CR instead of having to be included in a customized version of the container. This makes adding new applications to your cluster management portal much easier. Let's take a look at adding SSO to Kiali as an example. Tremolo Security contributed the code to Kiali to support reverse proxy authentication with tokens and impersonation so Kiali can authenticate the same way the dashboard can. This means you can have the same smooth authentication for Kiali with OpenUnison that you do with the dashboard and kubectl. Let's say you have deployed EKS and want to integrate Kiali into your OpenUnison instance. You would add the following CR to your cluster:
This CR tells OpenUnison there's an application at /kiali that should be authenticated by the enterprise_idp authentication chain. For each request, inject no-cache headers and the impersonation headers needed for Kiali to authenticate you. Finally, forward all requests to the Kiali service. The session is encrypted with the same key used by the main portal. Once deployed to your cluster, all of your OpenUnison pods will pick this object dynamically and enable it, making Kiali a part of your OpenUnison portal! We created a new documentation site with instructions on how to onboard applications directly into OpenUnison, starting with Kiali. We'll be updating this site with additional applications, such as Grafana, Prometheus, and Alert Manager. We'll also be adding generic reference documentation so you can build application integrations yourself.
Direct Istio Support
Speaking of Kiali and Istio, this release adds first class support for Istio as an Ingress for OpenUnison. The helm charts and operator create the objects for you. Just as with the new applications section of the our new documentation site, we added an Ingresses section. As we add new Ingress support, we'll update the instructions here.
Upgrading
Upgrading is simple. First update your local helm repo to get the latest versions. Then upgrade your operator and finally, upgrade OpenUnison!
Once the operator is updated and the openunison pods have restarted, update your orchestra: