docs/doc/source/security/kubernetes/overview-of-ldap-servers.rst
Joao Victor Portal daa431e385 Updated OIDC app docs
This commit does 2 changes in the OIDC app docs:

1) The docs were updated to be explicit about the OIDC app being
   compatible with LDAP servers and not only with the Windows Active
   Directory;
2) The page "Centralized OIDC Authentication Setup for Distributed
   Cloud" was renamed to "Centralized vs Distributed OIDC Authentication
   Setup" and was moved in the index of pages to be right below the
   first page "Overview of LDAP Servers". The idea is to use this page
   as an entry point for someone learning about the OIDC app, because
   every user must decide between a centralized and a distributed setup
   and because this page has links to all other pages except
   "Deprovision LDAP Server Authentication".

Story: 2010738
Task: 49455

Change-Id: I61c5b7f322ac8159b649c70eeaa0195d97ab12c7
Signed-off-by: Joao Victor Portal <Joao.VictorPortal@windriver.com>
2024-01-29 19:14:14 -03:00

Overview of LDAP Servers

can be configured to use an compatible server, like a remote Windows Active Directory server or the Local server, to authenticate users of the Kubernetes API, using the oidc-auth-apps application.

The Local server is present in deploys. This server runs on the controllers. The only exception is the environments, where this server runs only on the SystemController's controllers; it is not present in the subcloud's controllers.

The oidc-auth-apps application installs a proxy identity provider that can be configured to proxy authentication requests to an 's identity provider, such as Windows Active Directory or Local . For more information, see https://github.com/dexidp/dex. The oidc-auth-apps application also provides an client for accessing the username and password login page for user authentication and retrieval of tokens. An oidc-auth CLI script can also be used for user authentication and retrieval of tokens.

In addition to installing and configuring the oidc-auth-apps application, the admin must also configure the Kubernetes cluster's kube-apiserver to use the oidc-auth-apps identity provider for validation of tokens in Kubernetes API requests.
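
As an added example (not part of the original page or of the oidc-auth-apps project), the following Python sketch pre-checks the claims of an ID token against the values given to kube-apiserver's `--oidc-issuer-url`, `--oidc-client-id` and `--oidc-username-claim` flags, which is where a mismatch between the identity provider and the API server usually shows up. The issuer URL, client ID and sample token are constructed placeholders, and the signature is deliberately not verified here.

```python
import base64
import json
import time

# Constructed placeholder values (assumptions, not from the page): what the
# admin passed to kube-apiserver through its OIDC flags.
APISERVER_OIDC = {
    "oidc-issuer-url": "https://oidc.example.invalid:30556/dex",
    "oidc-client-id": "example-client",
    "oidc-username-claim": "email",
}


def b64url_decode(part):
    """Decode one base64url JWT segment, restoring the stripped padding."""
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))


def token_claims(token):
    """Return the payload claims of a compact JWT. The signature is NOT
    verified here; kube-apiserver does that with the issuer's keys."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected 3 dot-separated parts)")
    return json.loads(b64url_decode(parts[1]))


def preflight(token, cfg, now=None):
    """List claim problems that would make kube-apiserver reject the token."""
    now = time.time() if now is None else now
    claims = token_claims(token)
    problems = []
    if claims.get("iss") != cfg["oidc-issuer-url"]:
        problems.append("iss does not match --oidc-issuer-url")
    aud = claims.get("aud")
    audiences = aud if isinstance(aud, list) else [aud]
    if cfg["oidc-client-id"] not in audiences:
        problems.append("aud does not contain --oidc-client-id")
    if claims.get("exp", 0) <= now:
        problems.append("token is expired")
    if cfg["oidc-username-claim"] not in claims:
        problems.append("username claim is missing")
    return problems


def make_sample_token(claims):
    """Build an unsigned, constructed token for testing (not a real token)."""
    body = base64.urlsafe_b64encode(json.dumps(claims).encode())
    return "e30." + body.rstrip(b"=").decode() + ".sig"  # "e30" is "{}"
```

An empty list from `preflight` means the claims line up with the API server's OIDC settings; signature validation still happens in kube-apiserver itself.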