docs/doc/source/security/kubernetes/overview-of-windows-active-directory.rst

Overview of Windows Active Directory

can be configured to use a remote Windows Active Directory server to authenticate users of the Kubernetes API, using the oidc-auth-apps application.

The oidc-auth-apps application installs a proxy identity provider that can be configured to proxy authentication requests to an (s) identity provider, such as Windows Active Directory. For more information, see, https://github.com/dexidp/dex. The oidc-auth-apps application also provides an client for accessing the username and password login page for user authentication and retrieval of tokens. An oidc-auth CLI script can also be used for user authentication and retrieval of tokens.

In addition to installing and configuring the oidc-auth-apps application, the admin must also configure Kubernetes cluster's kube-apiserver to use the oidc-auth-apps identity provider for validation of tokens in Kubernetes API requests.