Nubus for Kubernetes is officially live with version 1.0, and it’s all set for real-world deployment! Now, organizations have the power to build large application environments that are not only user-friendly but also scalable on a whole new level. With Nubus, managing identities, permissions, and application access is straightforward and efficient—centralized, exactly as it should be. And because it’s Open Source, operators keep full flexibility and transparency at every step.
Built on Kubernetes and fully aligned with the BSI IT Baseline Protection, this release packs in an automated software lifecycle, robust security standards, and built-in scalability and redundancy. Nubus for Kubernetes is simply the ideal platform for cloud service operators and large-scale IT environments looking for both power and peace of mind.
Nubus – Identity Management for Application Environments
Nubus offers end users secure, convenient access to all the applications they need for their work. This solution enables deep technical integration across various applications and services, simplifying secure management of user accounts, permissions, and application connections for IT operators. With Nubus, users get one simple, secure way in—all their apps, one login, no hassle.
As the central hub for digital identities, Nubus pulls together all the essential info on user accounts, groups, and permissions in one place. With standardized interfaces for user authentication—like OpenID Connect and SAML—and for accessing and provisioning user data (think LDAP and REST API), operators and integrators can easily connect third-party apps. The user-friendly portal gives everyone in the organization smooth access to their IT environment, with built-in self-services that let users manage their own accounts and reset passwords on their own.
Nubus for Kubernetes – Cloud-Optimized Identity Management
Nubus for Kubernetes is built for the cloud, fully embracing cloud paradigms and DevOps methods. The entire software lifecycle—from installation and upgrades to scaling—is automated according to Kubernetes best practices, including Helm charts. And connecting external apps? No problem. Whether it’s applications provided by Univention or custom ones from external vendors, they can be added as “packaged integrations” and plugged right into the automated lifecycle.
Thanks to its modular design, Nubus for Kubernetes keeps every component scalable and redundant as needed, tapping into Kubernetes automation wherever it makes sense. The solution also checks off requirements from the BSI Baseline Protection Catalog, so operators can get their environments certified. And, as with all Univention software, the entire source code is open and available. On top of all the perks of Open Source, you’ve got the option of direct support and product assurance from the original developer, Univention.
Nubus for Kubernetes 1.0 – What’s in the Release?
Since we first announced our plans to develop Univention Nubus and released an alpha version for Kubernetes in June, we’ve been rolling out updates continuously. These updates have also fed into the Sovereign Workplace for Public Administration openDesk, which was developed by ZenDiS (Zentrum Digitale Souveränität, Center for Digital Sovereignty). By the time openDesk 1.0 launched at the Smart Country Convention in mid-October, Nubus’s capabilities were already production-ready within the openDesk framework. Now, with the release of Nubus for Kubernetes 1.0, the full feature set of Nubus is also available as a standalone solution outside of openDesk.
This release is aimed at organizations with Kubernetes and DevOps experience that want a unified, technically integrated IT solution rather than isolated applications, all accessible through a single interface. Nubus for Kubernetes provides the foundation for this, serving as a central identity management system for organizations, or even as a bridge between applications and external IAM systems. This makes it ideal not only for in-house IT but also for cloud service providers looking to build SaaS solutions.
For users, Nubus for Kubernetes comes with one of the most comprehensive documentation packages Univention has ever published for a version 1.0 release. In addition to an Operations Manual for management, there’s a detailed Architecture Manual that explains the technical structure.
Nubus for Kubernetes or Nubus for UCS?
Univention offers Nubus not only as a Kubernetes variant but also for Univention Corporate Server (UCS). UCS is designed as a software appliance for operation in virtual machines, allowing for quick deployment with preconfigured services and integrations (Details in our Operation Manual).
If you’re looking to get Nubus up and running quickly as your identity management solution and don’t have a Kubernetes environment in place, we recommend using Nubus on UCS. UCS is also perfect for those who need additional services, like the Samba 4-based, Active Directory-compatible domain controller for connecting your workstations—services that aren’t (yet) available for Kubernetes. And if you decide to switch to the Kubernetes version of Nubus later, it’s an easy transition.
For organizations already running a Kubernetes environment and needing maximum flexibility, scalability, and compliance with strict BSI Baseline Protection requirements, starting with Nubus for Kubernetes is the way to go.
Looking Ahead: Future Features
With this new release of Nubus for Kubernetes, we’ve laid the groundwork for productive use and set the stage for focused future development. We’re zooming in on two main areas for the next phase.
- First up, we’ll be rolling out a series of updates in the coming weeks to further enhance redundancy for the Nubus directory service, OpenLDAP. Right now, many replicas can be set up to distribute read access, but soon, new updates will also allow additional writable instances to act as “hot standby” backups that kick in automatically during service interruptions. This addresses one of the top requests we’ve heard from large organizations using Univention Nubus.
- The second focus is on delivering packaged integrations for popular applications. These will make it possible to configure Nubus for specific apps as part of automated deployment, and they’ll receive ongoing adjustments through Univention updates. We’re planning integration packages for applications like Open-Xchange and Nextcloud, used in openDesk. At the same time, we’ll be expanding our documentation to support operators and integrators in building their own packaged integrations.
Beyond this, we have even more on the agenda to further optimize Nubus. While details on functionality improvements and interface enhancements would be too much for this article, stay tuned—I’ll be diving into these developments in upcoming articles over the next weeks and months.
Nubus for Kubernetes: Setting a New Standard in Identity Management
Nubus for Kubernetes marks a true milestone in our product journey. It’s designed for easy automation, offers enhanced integration capabilities, and is significantly more scalable than previous solutions. Drawing from our years of experience with UCS and integration in openDesk, we’ve tailored Nubus to meet user needs precisely—and with version 1.0, we’re delivering a comprehensive, exceptionally polished release.
We’d love to hear from you! Got questions about getting started? Are there specific applications you’d like to see packaged integrations for?