logo
allArticlesConferencesPresentations

K8s and Active Directory Can Be Friends! How to Use Dex to Bridge the Gap

Conference:  KubeCon + CloudNativeCon Europe 2022

2022-05-18

Authors:   Onkar Bhat

Summary

The tutorial demonstrates how to secure access to a Kubernetes application using Active Directory-based authentication with OpenLDAP, DEX, and OAuth2 Proxy.
  • The tutorial is aimed at users who want to migrate applications to Kubernetes or deploy new applications in Kubernetes and leverage their Active Directory server for authentication.
  • Option one involves rewriting the application to send an LDAP request to the OpenLDAP server, but the tutorial focuses on option three, which does not require rewriting the application.
  • Option three involves deploying OpenLDAP, DEX, and OAuth2 Proxy, and editing the system's hosts file to redirect the browser to the local host address where the servers are listening.
  • OpenLDAP is a directory service developed by Microsoft for Windows domain networks that uses the Lightweight Directory Access Protocol (LDAP).
  • DEX is an identity service that uses OpenID Connect, and OAuth2 Proxy is a reverse proxy for handling OAuth.
  • The tutorial includes step-by-step instructions for deploying OpenLDAP, DEX, and OAuth2 Proxy, and editing the system's hosts file.
  • At the end of the tutorial, the Pac-Man application is installed and access to it is secured by authenticating against the OpenLDAP server running in the Kubernetes cluster.
The presenter shares their experience of configuring and using DEX for Active Directory-based authentication while working at Castin, and expresses excitement about sharing their knowledge with the audience.

Abstract

So, you’ve decided to migrate your applications to Kubernetes, but you still want to leverage your legacy Active Directory services to authenticate access to those applications. With Dex, this isn’t just possible, it’s easy! Dex is an identity service that uses OpenID connect to authenticate apps by configuring connectors to defer authentication to an external entity, such as an AD server using the LDAP protocol. Onkar has worked with multiple organizations to help them deploy Dex and configure the LDAP connector to meet such authentication requirements. During this hands-on tutorial, attendees will set up an open source AD server and add users and groups, then configure the Dex LDAP connector. Onkar will guide them through the process step-by-step, then wrap up with a demonstration of how to use Dex to authenticate access to a sample application. You’ll leave with practical experience and confidence to deploy the same configuration in a production environment.Click here to view captioning/translation in the MeetingPlay platform!
Materials:
Slides
Tags:
Kubernetes
Active Directory
Dex
OpenID
LDAP

Post a comment

Related work

Tutorial: Deploying Cloud-Native Applications Using Kubevela and OAM

Conference:  KubeCon + CloudNativeCon Europe 2023
Authors: Daniel Higuero
2023-04-20

🦝 Secure the Build, Secure the Cloud: Using OIDC Tokens in CI/CD Pipelines

Conference:  KubeCon + CloudNativeCon Europe 2023
Authors: Alex Ilgayev, Elad Pticha
2023-04-21

Keycloak: The Open-Source IAM for Modern Applications

Conference:  KubeCon + CloudNativeCon Europe 2023
Authors: Yuichi Nakamura, Alexander Schwartz
2023-04-19

New Phishing Attacks Exploiting OAuth Authentication Flows

Conference:  Defcon 29
Authors:
2021-08-01

AAD Joined Machines - The New Lateral Movement

Conference:  Black Hat USA 2022
Authors:
2022-08-10

What Do You Mean K8s Doesn't Have Users? How Do I Manage User Access Then?

Conference:  KubeCon + CloudNativeCon Europe 2021
Authors: Jussi Nummelin