I have created a Kubernetes cluster, and I wish to connect it to my Active Directory, using LDAP, so it'll behave as follows:
Anyone who wants to run kubectl will have to authenticate first (and that authentication shall be against my AD). Preferably, there will be single sign-on (SSO), meaning that the authentication should occur every once in a while (sessions).
However, I failed to find anything like that in the official Kubernetes docs, so I wanted to know what suggestions there are.
Kubernetes and Active Directory with Canonical
1. If you're familiar with juju, Canonical's automation system, you'll be right at home with the CDK's deployment process.
2. The CDK doesn't just deploy Kubernetes, it will also deploy your hosts.
3. In addition to the hosts and Kubernetes, the CDK will install the NGINX ingress controller and can deploy Helm, Prometheus and other popular add-ons.
To integrate OpenUnison with your Active Directory you'll need a few things:
1. The IP address or DNS host name of your Active Directory domain controller
2. The certificate for your domain
3. A read-only service account
Firstly, there is no simple way (yet) to achieve this. One way to achieve it is as below.
Part one is to install Dex.
Dex is an OpenID Connect provider from CoreOS. Dex can defer authentication to LDAP servers.
The second part is to install and configure gangway.
It is by Heptio; it will talk with the OIDC provider, which is Dex, and it has a UI to configure kubectl (via downloading a kubeconfig).
For SSO, Joel Speed from Pusher wrote an awesome article; it also uses Dex, but the UI is custom.
Hope this helps.
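To make the Dex part of the answer concrete, here is an added example of a Dex configuration that delegates authentication to Active Directory over LDAPS and registers gangway as its OIDC client. It is not taken from the answer, from Dex or from gangway; the issuer URL, host names, DNs, file paths, client id and secret are constructed placeholders for an imaginary example.com domain, and the kube-apiserver flags in the trailing comment assume the API server is started with command-line flags (static pod or systemd unit). The read-only bind account and the domain CA certificate are the same two prerequisites the OpenUnison excerpt above lists, because any LDAP-backed OIDC provider needs them.

```yaml
# dex config.yaml (constructed example, not a file shipped by Dex)
issuer: https://dex.example.com:5556/dex          # must match --oidc-issuer-url on the API server

storage:
  type: kubernetes                                # Dex keeps its state as CRDs in the cluster
  config:
    inCluster: true

web:
  https: 0.0.0.0:5556
  tlsCert: /etc/dex/tls/tls.crt
  tlsKey: /etc/dex/tls/tls.key

connectors:
- type: ldap
  id: ad
  name: Active Directory
  config:
    # LDAPS to the domain controller; the CA is the certificate of your domain.
    # Using plain LDAP on 389 would send the bind password and every user
    # password in clear text, so keep 636 plus a pinned CA.
    host: dc01.example.com:636
    rootCA: /etc/dex/ldap/domain-ca.crt
    # Read-only service account; $LDAP_BIND_PW is expanded from the
    # environment so the secret is not stored in the config file itself.
    bindDN: CN=svc-dex,OU=ServiceAccounts,DC=example,DC=com
    bindPW: $LDAP_BIND_PW
    usernamePrompt: "AD username"
    userSearch:
      baseDN: OU=People,DC=example,DC=com
      filter: "(objectClass=person)"
      username: sAMAccountName               # what the user types at the login page
      idAttr: DN                             # stable subject for the id_token
      emailAttr: mail
      nameAttr: displayName
    groupSearch:
      baseDN: OU=Groups,DC=example,DC=com
      filter: "(objectClass=group)"
      userMatchers:
      - userAttr: DN                         # AD group membership: group.member == user DN
        groupAttr: member
      nameAttr: cn                           # becomes the "groups" claim used by RBAC

oauth2:
  skipApprovalScreen: true
  responseTypes: ["code"]

staticClients:
- id: gangway                                # gangway's clientID must equal this value
  name: gangway
  secret: REPLACE-WITH-A-RANDOM-CLIENT-SECRET
  redirectURIs:
  - https://gangway.example.com/callback

# kube-apiserver flags that pair with the config above (constructed example):
#   --oidc-issuer-url=https://dex.example.com:5556/dex
#   --oidc-client-id=gangway
#   --oidc-ca-file=/etc/kubernetes/pki/dex-ca.crt
#   --oidc-username-claim=email
#   --oidc-username-prefix=oidc:
#   --oidc-groups-claim=groups
#   --oidc-groups-prefix=oidc:
```

With this in place gangway asks Dex for the `openid profile email groups offline_access` scopes, so the kubeconfig it hands out contains both an id_token and a refresh_token; the id_token is short-lived (Dex's `expiry.idTokens` default is 24h) and kubectl's oidc auth provider renews it transparently with the refresh token, which is the "authenticate every once in a while" behaviour the question asks for. The `oidc:` prefixes keep AD users and groups from colliding with built-in subjects such as `system:masters`, so an RBAC binding for an AD group reads `oidc:k8s-admins`. The API server only validates the token signature, issuer, audience and expiry; it never talks to AD itself, so a user disabled in AD keeps API access until the refresh token is next used and Dex rejects the renewed bind.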