Detailed Usage Instructions

[dengqian]

Describe the feature

I've installed capsule-proxy in my remote cluster and expose the service to a public IP address, how should I configure my kubectl to connect to the capsule-proxy reverse server? I add a simple load balancer to expose the service, the path is:

pullic IP:443 -> capsule-proxy.svc:9001

And what should I do next ? I didn't figure it out from the document

[prometherion]

Hey @dengqian, all your Tenant users must get through the Capsule Proxy to access multi-tenancy resources filtering, such as Namespace, cluster-scoped objects, and namespaced ones if the feature flag ProxyAllNamespaced is enabled.

Regarding authentication, it depends on your solution: if you're relying on OIDC tokens, you just need to put the capsule proxy endpoint and it's CA.

You can even use certificates but they're more clumsy, the rule of thumb is just changing the endpoint and the CA and it should work like a charm.