kubesphere集群ldap集成 - JarvanSi

kubesphere集群版本v3.1.1

kubectl edit configmaps -n kubesphere-system kubesphere-config

apiVersion: v1
data:
  kubesphere.yaml: |
    authentication:
      authenticateRateLimiterMaxTries: 10
      authenticateRateLimiterDuration: 10m0s
      loginHistoryRetentionPeriod: 168h
      maximumClockSkew: 10s
      multipleLogin: True
      kubectlImage: kubesphere/kubectl:v1.18.0
      jwtSecret: "KMBYll7EwpZvHeJQDIBZfVOY3emSYRMw"
# 增加部分
      oauthOptions:
        accessTokenMaxAge: 1h
        accessTokenInactivityTimeout: 30m
        identityProviders:
        - name: ldap
          type: LDAPIdentityProvider
          mappingMethod: auto
          provider:
            host: 172.24.30.89:389
            managerDN: cn=admin,dc=infinitas,dc=group
            managerPassword: ~J@|J[MD0p;~B%y(I--11mLKqj
            userSearchBase: dc=infinitas,dc=group
            loginAttribute: uid
            mailAttribute: mail

    ldap:
      host: openldap.kubesphere-system.svc:389
      managerDN: cn=admin,dc=kubesphere,dc=io
      managerPassword: admin
      userSearchBase: ou=Users,dc=kubesphere,dc=io
      groupSearchBase: ou=Groups,dc=kubesphere,dc=io

    redis:
      host: redis.kubesphere-system.svc
      port: 6379
      password: ""
      db: 0

最后重启apiserver

kubectl -n kubesphere-system rollout restart deploy/ks-apiserver

发表于 2022-10-07 20:32 JarvanSi 阅读(373) 评论(0) 编辑收藏举报