From d671844d3f4c25827141ef9fb6009c331df6ec31 Mon Sep 17 00:00:00 2001 From: techmaharaj Date: Tue, 13 Dec 2022 13:51:51 +0530 Subject: [PATCH 1/2] Added FAQ to resources --- docs/References/troubleshooting.md | 50 ++++++++++++++++++++++++++++++ 1 file changed, 50 insertions(+) diff --git a/docs/References/troubleshooting.md b/docs/References/troubleshooting.md index ffad49f..44f4a50 100644 --- a/docs/References/troubleshooting.md +++ b/docs/References/troubleshooting.md 
@@ -57,3 +57,53 @@ If you are unable to access your cluster via kubectl from the dashboard, check o - *Try killing & restarting the prompt pod* - *Check logs from Relay Agent to see if there is any error* - *SSL certificate mismatch/error, Ensure that you use the correct SSL certificates as the ingress tends to reject incorrect ones* + +--- + +## Frequently Asked Questions + +### 1. What is Paralus? + +An open source access manager for Kubernetes clusters, Paralus enables teams to provide secure access to Kubernetes clusters. It lets you create and manage access control policies for people, teams and services across multiple Kubernetes clusters without requiring any modifications to your firewall. + +Users can simply import K8 clusters into Paralus projects and define rights on a project to project basis. You can also use Paralus to set up any SSO service using GitHub, Azure AD, Okta, etc. so that users can sign-in onto their clusters with the access rights they were given. + +It also records logs for audit and compliance, so you can see who and when did what on your K8s infrastructure. Paralus can be used with a web GUI, CLI, or API. + +### 2. Is Paralus a CNCF Project? + +Paralus is currently a candidate in the CNCF Sandbox application process. + +### 3. How and where can I try it myself? + +You can download and install Paralus for free on [GitHub](https://github.com/paralus/paralus). Alternatively, we’ve setup a one-click installer on [Digital Ocean Marketpace](https://marketplace.digitalocean.com/apps/paralus) to make it even easier. We also have several quickstart guides on the the [blog](https://paralus.io/blog/). + +### 4. Is there support or an enterprise license available? + +Support for Paralus is available via [community Slack](https://join.slack.com/t/paralus/shared_invite/zt-1a9x6y729-ySmAq~I3tjclEG7nDoXB0A). Enterprise licensing and support is offered with Rafay’s Kubernetes Operations Platform. + +### 5. How is this different from Teleport? 
+ +Teleport while it also has the ability to provide secure access to Kubernetes clusters is a much more clunky solution as it: + +- requires setup per cluster +- requires the use of Kubernetes secrets to mount the Teleport user token to the cluster +- requires login first to a bastion Teleport server + +Paralus does not require any of these steps. It’s simply import your cluster and get started. User roles and responsibilities are not mixed with infrastructure deployments and management. Teleport does have some advanced functionality today such as session recordings which allow platform admins to capture the actions a user has performed and watch them again. These kinds of functionality are in the roadmap for Paralus in the near future. + +### 6. I installed Paralus correctly, however, I'm unable to access the password reset link? + +This happens when the password reset link has expired. The password reset link generated at the time of installing Paralus is valid only for 10 minutes. You can regenerate the URL by referring to our [password reset URL documentation](#password-reset-link-expired). + +### 7. I am getting x509 certificate error, what should I do? + +This is because of an incorrect SSL certificate configuration. If you're trying it your local setup, you can deploy Paralus without configuring SSL. Follow our kind quickstart guide. However, if you're deploying Paralus with a domain name on a cloud Kubernetes platform, follow the SSL guide to setup SSL certificate correctly. + +### 8. I am unable to provide a password on the password reset page? + +Please ensure that you are not using a simple password like 123, password etc. Paralus uses Ory Kratos for authentication and it doesn't allow to set such simple passwords. You can read more about [password policy here](https://www.ory.sh/docs/concepts/password-policy). + +### 9. Does Paralus support LDAP with AD integration? + +As of 0.1.9, Paralus doesn't support LDAP with AD integration. 
Paralus uses Ory Kratos under the hood for user management which currently doesn't support LDAP as well. However, Paralus does allow you to configure third party identity providers and configure it as SSO. From bb70ffe7a61da452ff730a3a48f429e646b44673 Mon Sep 17 00:00:00 2001 From: Atulpriya Sharma Date: Fri, 11 Aug 2023 13:11:33 +0530 Subject: [PATCH 2/2] Fixed comments. --- docs/References/troubleshooting.md | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/docs/References/troubleshooting.md b/docs/References/troubleshooting.md index 44f4a50..7fe0b43 100644 --- a/docs/References/troubleshooting.md +++ b/docs/References/troubleshooting.md 
@@ -66,13 +66,13 @@ If you are unable to access your cluster via kubectl from the dashboard, check o An open source access manager for Kubernetes clusters, Paralus enables teams to provide secure access to Kubernetes clusters. It lets you create and manage access control policies for people, teams and services across multiple Kubernetes clusters without requiring any modifications to your firewall. -Users can simply import K8 clusters into Paralus projects and define rights on a project to project basis. You can also use Paralus to set up any SSO service using GitHub, Azure AD, Okta, etc. so that users can sign-in onto their clusters with the access rights they were given. +Users can simply import K8 clusters into Paralus projects and define rights on a project to project basis. You can also use Paralus to set up any SSO service using GitHub, Gitlab, Google, Okta, and Slack at the moment so that users can sign-in onto their clusters with the access rights they were given. It also records logs for audit and compliance, so you can see who and when did what on your K8s infrastructure. Paralus can be used with a web GUI, CLI, or API. ### 2. Is Paralus a CNCF Project? -Paralus is currently a candidate in the CNCF Sandbox application process. +Paralus is a [CNCF Sandbox project](https://www.cncf.io/projects/paralus/). ### 3. How and where can I try it myself? 
@@ -84,7 +84,14 @@ Support for Paralus is available via [community Slack](https://join.slack.com/t/ ### 5. How is this different from Teleport? -Teleport while it also has the ability to provide secure access to Kubernetes clusters is a much more clunky solution as it: +[Teleport](https://goteleport.com/) is an identity-aware access management and security for dynamic environments such as Kubernetes clusters, databases, and other cloud resources. Below are some of the salient features of Teleport: + +- Identity-Aware Access Management: Teleport provides fine-grained access control based on user identities, roles, and permissions, ensuring secure access to resources. +- Single Sign-On (SSO): Users can log in once and access multiple resources without the need for repeated authentication, streamlining the user experience. +- Multi-Factor Authentication (MFA): Enhances security by requiring additional authentication factors beyond just a password. +- Session Recording and Audit Trails: Teleport records user sessions and access events, providing a comprehensive audit trail for compliance and security monitoring. + +While it also has the ability to provide secure access to Kubernetes clusters is a much more clunky solution as it: - requires setup per cluster - requires the use of Kubernetes secrets to mount the Teleport user token to the cluster
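Review bot: In PATCH 1/2, the answer to FAQ 7 (x509 certificate error) points to "our kind quickstart guide" and "the SSL guide" without linking either, so a reader who lands here with a certificate error has nowhere to go next. Link both guides, and fix "If you're trying it your local setup" to "trying it in your local setup". Because the answer recommends deploying without SSL, say in the same sentence that this applies to the local kind setup only. Smaller points in the same hunk: "Marketpace" and "the the [blog]" in FAQ 3 are typos, FAQ 1 mixes "K8 clusters" with "K8s infrastructure", and FAQ 4 hard-codes a Slack shared_invite URL, which can expire and would be better replaced with a stable redirect that the project controls.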
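Review bot: In PATCH 2/2, first hunk (FAQ 1), the rewritten sentence still says "set up any SSO service" but now follows it with a closed list ending in "at the moment", so it promises any provider and a fixed set of five at once. Suggest something like "Paralus currently supports SSO through GitHub, GitLab, Google, Okta, and Slack, so that users can sign in to their clusters with the access rights they were given", which also fixes the "Gitlab" casing and "sign-in onto". Azure AD is dropped from the list here, while FAQ 9 from PATCH 1/2 still tells readers they can "configure third party identity providers"; linking the supported-provider documentation from one of the two answers would keep them consistent.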
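Review bot: In PATCH 2/2, second hunk (FAQ 5), the replacement line "While it also has the ability to provide secure access to Kubernetes clusters is a much more clunky solution as it:" lost its subject when "Teleport" was removed from the start of the sentence, so it no longer parses; restore it, for example "While Teleport can also provide secure access to Kubernetes clusters, it:". The new opening sentence, "is an identity-aware access management and security for dynamic environments", is missing a noun after "security" (such as "platform"). The added bullet on session recording repeats what the unchanged paragraph further down the same answer already says ("Teleport does have some advanced functionality today such as session recordings"), so one of the two can go. After a neutral feature list, "much more clunky" reads as opinion; stating the three setup requirements as plain differences would be easier to defend.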