We need to extend our FreeIPA deployment into a cloud environment (at the
moment we use it in our HQ only) and are seeking options for how to do the
deployment while keeping security in mind.
I have some questions:
- is it possible to configure a FreeIPA replica for a subtree?
- not all FreeIPA accounts are required to be available in the cloud
environment (not all teams use clouds); it would be great to be able to
limit the amount of security objects being pushed to an uncontrolled
environment
- is it possible to configure a one-way replica (HQ-to-cloud) with the
possibility to register hosts on the cloud instance?
- what are the best practices for FreeIPA deployment in a dynamic
environment (e.g. in Kubernetes/Docker containers for DevOps)?
- how to properly register/unregister hosts/containers?
- what is the implementation status of the External Authentication
feature [1] (which might allow proper cloud deployment)?

[1] https://www.freeipa.org/page/V4/External_Authentication
Peter