I’m looking for a simple authentication setup for my clusters. Our user store is AD so LDAP is used a lot. We also have an SAML IdP. The users need to be able to get their own kubeconfig. I really don’t want to have to install a bunch of other apps to make this work. It seems like this should be a simple thing that exists already and maybe I’m missing it.
Users should be able to generate their token after authenticating by LDAP; we had this on our previous distro.
I will try to look up what utility was used… please wait…
Try this:
https://github.com/int128/kubelogin
https://pinniped.dev/docs/howto/supervisor/configure-supervisor-with-activedirectory/
We used this at my last job, but with Okta (this link is for AD).
I’m also going to implement this at my current job, unless I find something better when I get to that ticket. In the meantime, I’ve just been using the aws cli locally to update kube config: aws eks update-kubeconfig --name example --profile <some profile>
& I’ve been sharing the kube config with the developers