Environments

Bifröst executes user sessions within environments. An environment can be the local environment of the host on which Bifröst itself runs, or a container.

Types

  1. docker: Docker executes each user session inside a separate Docker container.
  2. kubernetes: Kubernetes executes each user session inside a separate Pod in a defined cluster.
  3. local: Local executes on the host itself (same host on which Bifröst is running).
  4. dummy: Dummy for demonstration purposes, it simply prints a message and exits immediately.

Examples

  1. Using local environment:
    type: local
    name: "{{.authorization.user.name}}"
    
  2. Using simple kubernetes environment:
    type: kubernetes
    
  3. Using simple docker environment:
    type: docker
    
  4. Using kubernetes environment with Ubuntu image, custom kubeconfig file and additional settings:
    type: kubernetes
    config: "/etc/kube/my-kube-config"
    context: "my-kube-context"
    image: ubuntu
    ## Using /bin/bash instead of /bin/sh,
    ## because it does exist in the image
    shellCommand: [/bin/bash]
    execCommand: [/bin/bash, -c]
    
    ## Only allow login if the OIDC ID token's groups contain "my-great-group-uuid"
    ## ...and its tid (tenant ID) is "my-great-tenant-uuid"
    loginAllowed: |
        {{ and
          (.authorization.idToken.groups | has "my-great-group-uuid")
          (.authorization.idToken.tid    | eq  "my-great-tenant-uuid")
        }}
    
  5. Using docker environment with Ubuntu image and additional settings:
    type: docker
    image: ubuntu
    ## Using /bin/bash instead of /bin/sh,
    ## because it does exist in the image
    shellCommand: [/bin/bash]
    execCommand: [/bin/bash, -c]
    
  6. Using dummy environment with a simple message:
    type: dummy
    banner: "Hello, {{.authorization.idToken.name}}!\n"
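
Checking the loginAllowed expression from example 4 before deploying it: the following is an added example, not Bifröst's own code. It assumes the expression follows Go text/template semantics and that the rendered text is read as a boolean; the has function and evalLoginAllowed are hypothetical stand-ins, and the claims are constructed.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
	"text/template"
)

// loginAllowed is the expression from example 4, copied verbatim.
const loginAllowed = `{{ and
  (.authorization.idToken.groups | has "my-great-group-uuid")
  (.authorization.idToken.tid    | eq  "my-great-tenant-uuid")
}}
`

// has is a hypothetical stand-in for the `has` function used on the page.
// A missing or non-list claim is treated as an empty list and never matches.
func has(needle string, haystack any) bool {
	list, _ := haystack.([]any)
	for _, v := range list {
		if v == needle {
			return true
		}
	}
	return false
}

// evalLoginAllowed renders the expression against constructed ID token claims
// and parses the output as a boolean. Any error denies the login (fail closed).
func evalLoginAllowed(claims map[string]any) bool {
	tmpl, err := template.New("loginAllowed").Funcs(template.FuncMap{"has": has}).Parse(loginAllowed)
	if err != nil {
		return false
	}
	data := map[string]any{"authorization": map[string]any{"idToken": claims}}
	var out strings.Builder
	if err := tmpl.Execute(&out, data); err != nil {
		return false
	}
	ok, err := strconv.ParseBool(strings.TrimSpace(out.String()))
	return err == nil && ok
}

func main() {
	// Constructed claims: member of the right group, but from another tenant.
	claims := map[string]any{"groups": []any{"my-great-group-uuid"}, "tid": "other-tenant-uuid"}
	fmt.Println(evalLoginAllowed(claims))
}
```

Running the same function over a token without a groups claim shows whether the gate fails closed when the identity provider omits that claim.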