
Kube-ldap: LDAP Authentication for kubernetes - _juckerf
https://github.com/gyselroth/kube-ldap
======
SEJeff
Also see dex[1] and pair it with something like kuberos[2] to do a similar
thing. I have used these both happily for our kubernetes cluster.

[1] [https://github.com/coreos/dex](https://github.com/coreos/dex)

[2] [https://github.com/negz/kuberos](https://github.com/negz/kuberos)

~~~
_juckerf
thanks for this input. During my research I encountered several existing
solutions but most of them seemed a bit overkill for my purposes (testing
kubernetes in our company). So I developed a really lightweight solution. E.g.
with dex and kuberos one has to set up two additional services just for
something simple like ldap auth (ok, with kube-ldap one has to setup one
additional service too^^). On the other hand I really like the advantages of
an oidc-based login (automatic token refresh, natively built-in to
kubernetes...), so this will probably be a way to go when our kubernetes setup
is going to reach maturity.

~~~
SEJeff
Yup, this is what CoreOS production tectonic clusters (and many open source
clusters) use for authentication.

That said, kube-ldap is still really cool. Thanks for releasing it!

------
_juckerf
kube-ldap is a Webhook Token Authentication plugin for kubernetes to use LDAP
as authentication source. It let's authenticated users generate tokens by http
request and validates the token when requested by the kubernetes apiserver.

