Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Access Kubernetes Dashboard via OpenID Connect Proxy
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: kubernetes-dashboard-proxy
namespace: kube-system
spec:
replicas: 1
template:
metadata:
labels:
app: kubernetes-dashboard-proxy
spec:
containers:
- image: quay.io/gambol99/keycloak-proxy:v2.1.1
name: kubernetes-dashboard-proxy
args:
- --listen=0.0.0.0:3000
- --discovery-url=https://keycloak.example.com/auth/realms/hello
- --client-id=kubernetes
- --client-secret=4d0462da-5ab3-4665-8b05-9e2ff3f1b448
- --redirection-url=https://kubernetes-dashboard.example.com
- --enable-refresh-tokens=true
- --encryption-key=MsVRjD36bfAxfBvHUKUjXOTPXaItDThn # 32 bytes string
- --upstream-url=https://kubernetes-dashboard.kube-system.svc.cluster.local
- --resources=uri=/*
ports:
- containerPort: 3000
livenessProbe:
httpGet:
path: /oauth/health
port: 3000
initialDelaySeconds: 3
timeoutSeconds: 2
readinessProbe:
httpGet:
path: /oauth/health
port: 3000
initialDelaySeconds: 3
timeoutSeconds: 2
---
apiVersion: v1
kind: Service
metadata:
name: kubernetes-dashboard-proxy
namespace: kube-system
spec:
type: ClusterIP
ports:
- protocol: TCP
port: 3000
targetPort: 3000
selector:
app: kubernetes-dashboard-proxy
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: kubernetes-dashboard-proxy
namespace: kube-system
spec:
rules:
- host: kubernetes-dashboard.example.com
http:
paths:
- path: /
backend:
serviceName: kubernetes-dashboard-proxy
servicePort: 3000
@ghost

This comment has been minimized.

Copy link

ghost commented Apr 26, 2018

@gambol99, Can we integrate keycloak with dex, where Dex is connected with LDAP? Can you please help us in this?
Can we perform binding role to a perticular LDAP user?
Regards,

@judexzhu

This comment has been minimized.

Copy link

judexzhu commented May 29, 2018

@ghost I believe keycloak can directly use LDAP/AD as user federation. So you can set LDAP user federation to a realm of your keycloak and set kubernetes as a client for authentication, for authorization I still need to use RBAC

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.