Setting up the Binding Mechanism
Choose a Binding Mode
Klutch supports two ways to connect App Clusters to the Control Plane. Choose the approach that best fits your environment:
| OIDC-Based Binding | Control Plane Mode | |
|---|---|---|
| How it works | App Cluster operators authenticate via OIDC and initiate the binding from the App Cluster using the klutch-bind CLI. | The platform operator creates a kubeconfig with cluster-admin access to the App Cluster and registers it on the Control Plane. |
| Authentication | OpenID Connect (SSO) | ServiceAccount token (kubeconfig) |
| Who initiates | App Cluster operator | Platform operator |
| Best for | Multi-team environments where App Cluster operators manage their own clusters | Centrally managed environments where the platform team controls all clusters |
To learn more about control plane mode, check out the Architecture Deep Dive.
With the Klutch Control Plane Cluster deployed, continue with one of the binding modes above:
- OIDC-Based Binding: Deploy the klutch-bind backend with OIDC authentication.
- Control Plane Mode: Create a kubeconfig for the App Cluster and register it on the Control Plane.