I have created a Kubernetes cluster, and I wish to connect it to my Active Directory, using LDAP, so it'll behave as follows:
Anyone who wants to run kubectl will have to authenticate first (and that authentication shall be against my AD). Preferably, there will be single sign-on (SSO), meaning that the authentication should occur every once in a while (sessions).
However, I failed to find anything like that in the official Kubernetes docs, so I wanted to know what possible suggestions are there?
Firstly, there is no simple way (yet) to achieve this. One way to achieve it is as below.
Part one is to install DEX.
Dex is an OpenID Connect provider done by CoreOS. Dex can defer authentication to LDAP servers.
The second part is to install and configure gangway.
It is by Heptio. It talks with the OIDC provider, which is Dex, and it has a UI to configure kubectl (via downloading a kubeconfig).
For SSO, Joel Speed from Pusher wrote an awesome article; it also uses Dex, but the UI is custom.
Hope this helps.
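A sketch of the Dex side of the setup described in this answer, added here as an illustration and not taken from the answer or from the Dex or gangway projects. Every hostname, DN, file path and secret is a placeholder, and the gangway callback path and the one-hour token lifetime are assumptions to check against your own deployment.

```yaml
# Dex config.yaml (constructed example; hostnames, DNs, paths and secrets are placeholders)
issuer: https://dex.example.com        # must match --oidc-issuer-url on the API server exactly
storage:
  type: kubernetes
  config:
    inCluster: true
web:
  https: 0.0.0.0:5556
  tlsCert: /etc/dex/tls/tls.crt
  tlsKey: /etc/dex/tls/tls.key
connectors:
- type: ldap
  id: ad
  name: Active Directory
  config:
    host: ad.example.com:636           # LDAPS, so the bind password and user passwords are encrypted in transit
    insecureNoSSL: false
    insecureSkipVerify: false          # verify the domain controller's certificate
    rootCA: /etc/dex/ldap-ca.pem
    bindDN: CN=svc-dex,OU=Service Accounts,DC=example,DC=com   # read-only service account
    bindPW: "<bind-password>"          # inject from a secret store, keep out of version control
    usernamePrompt: AD username
    userSearch:
      baseDN: OU=Users,DC=example,DC=com
      filter: "(objectClass=person)"
      username: sAMAccountName         # what the user types at the login prompt
      idAttr: DN
      emailAttr: userPrincipalName
      nameAttr: displayName
    groupSearch:
      baseDN: OU=Groups,DC=example,DC=com
      filter: "(objectClass=group)"
      userMatchers:
      - userAttr: DN
        groupAttr: member              # AD groups list members by DN
      nameAttr: cn                     # becomes an entry in the "groups" claim
staticClients:
- id: gangway
  name: Gangway
  secret: "<client-secret>"
  redirectURIs:
  - https://gangway.example.com/callback   # assumed gangway callback URL
expiry:
  idTokens: 1h                         # short-lived ID tokens bound the session length
---
# kube-apiserver flags that make the cluster accept ID tokens issued by Dex:
#   --oidc-issuer-url=https://dex.example.com
#   --oidc-client-id=gangway
#   --oidc-username-claim=email
#   --oidc-groups-claim=groups
#   --oidc-ca-file=/etc/kubernetes/pki/dex-ca.pem
```

Authentication alone grants nothing: bind the AD group names that arrive in the `groups` claim to Roles or ClusterRoles with RBAC, so access follows group membership in the directory.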