K8s and Active Directory Can Be Friends! How to Use Dex to Bridge the Gap

2022-05-18

Authors: Onkar Bhat


Summary

The tutorial demonstrates how to secure access to a Kubernetes application using Active Directory-based authentication with OpenLDAP, Dex, and OAuth2 Proxy.
  • The tutorial is aimed at users who want to migrate applications to Kubernetes or deploy new applications in Kubernetes and leverage their Active Directory server for authentication.
  • Option one involves rewriting the application to send an LDAP request to the OpenLDAP server, but the tutorial focuses on option three, which does not require rewriting the application.
  • Option three involves deploying OpenLDAP, Dex, and OAuth2 Proxy, and editing the system's hosts file to redirect the browser to the localhost address where the servers are listening.
  • OpenLDAP is a directory service developed by Microsoft for Windows domain networks that uses the Lightweight Directory Access Protocol (LDAP).
  • Dex is an identity service that uses OpenID Connect, and OAuth2 Proxy is a reverse proxy for handling OAuth.
  • The tutorial includes step-by-step instructions for deploying OpenLDAP, Dex, and OAuth2 Proxy, and editing the system's hosts file.
  • At the end of the tutorial, the Pac-Man application is installed and access to it is secured by authenticating against the OpenLDAP server running in the Kubernetes cluster.
The presenter shares their experience of configuring and using Dex for Active Directory-based authentication while working at Kasten, and expresses excitement about sharing their knowledge with the audience.

Abstract

So, you’ve decided to migrate your applications to Kubernetes, but you still want to leverage your legacy Active Directory services to authenticate access to those applications. With Dex, this isn’t just possible, it’s easy! Dex is an identity service that uses OpenID Connect to authenticate apps by configuring connectors to defer authentication to an external entity, such as an AD server using the LDAP protocol. Onkar has worked with multiple organizations to help them deploy Dex and configure the LDAP connector to meet such authentication requirements. During this hands-on tutorial, attendees will set up an open source AD server and add users and groups, then configure the Dex LDAP connector. Onkar will guide them through the process step-by-step, then wrap up with a demonstration of how to use Dex to authenticate access to a sample application. You’ll leave with practical experience and confidence to deploy the same configuration in a production environment.