cf98a7c9ea
Per Teresa H. OIDC CLI access script is part of image and does not need to be downloaded. Cleaned up explicit references to DS doenloads location and replaced with placeholder. Added note that oidc-auth script needs to be downloaded if used from remote hosts Patchset2 review updates Signed-off-by: Ron Stone <ronald.stone@windriver.com> Change-Id: I9e713b9c41d8dbe4bad0fe0c2866c913853a79db
1.1 KiB
Overview of Windows Active Directory
can be configured to use a remote Windows Active Directory server to authenticate users of the Kubernetes API, using the oidc-auth-apps application.
The oidc-auth-apps application installs a proxy identity provider that can be configured to proxy authentication requests to an (s) identity provider, such as Windows Active Directory. For more information, see, https://github.com/dexidp/dex. The oidc-auth-apps application also provides an client for accessing the username and password login page for user authentication and retrieval of tokens. An oidc-auth CLI script can also be used for user authentication and retrieval of tokens.
In addition to installing and configuring the oidc-auth-apps application, the admin must also configure Kubernetes cluster's kube-apiserver to use the oidc-auth-apps identity provider for validation of tokens in Kubernetes API requests.