[Freeipa-users] FreeIPA in cloud environment

Need to extend FreeIPA deployment into cloud environment (at the moment we use it in our HQ only) and seek for options how to do the deployment with keeping security in mind. Have some questions: - is it possible to configure FreeIPA replica for subtree? - not all FreeIPA accounts are required being available in cloud environment (not all teams use clouds), would be great to be able to limit amount of security objects being pushed to not controlled environment - is it possible to configure one way replica (HQ-to-cloud) with possibility to register hosts on cloud instance? - what are best practices for FreeIPA deployment in dynamic environment (e.g. in Kubernetes/Docker containers for DevOps)? - how to properly register/unregister hosts/containers? - what is the implementation status of External Authentication feature [1] (which might allow proper cloud deployment) [1] https://www.freeipa.org/page/V4/External_Authentication Peter