The name of the service object for the dashboard The label of the dashboard pod, this is used to delete the pod once new certificates are generated The name of the secret in the dashboard's namespace that stores the certificate for the dashboard For the 1.x dashboard this is kube-system, for the 2.x dashboard this is kubernetes-dashboard The path to the MyVD configuration file, unless being customized, use WEB-INF/nf If your distribution doesn't support this (such as Canonical and Rancher), set this to false Tells the deployment system if you should use k8s' built in certificate manager. The C attribute for the forward facing certificate The ST attribute for the forward facing certificate The L attribute for the forward facing certificate The O attribute for the forward facing certificate The OU attribute for the forward facing certificate If true, OpenUnison will lookup domain controllers by the domain's SRV DNS record
UNISON LOGIN FULL
The full distinguished name (DN) of a read-only service account for working with Active Directory The port to communicate with Active Directory If using SRV records to determine hosts, this should be the fully qualified domain name of the domain The host name for a domain controller or VIP. Labels that the istio Gateway object will be applied to. The certificate that the Ingress object should reference Set to false when using an external TLS termination point, such as an istio sidecar proxy If true, all traffic that reaches OpenUnison over http will be redirected to https. Set to false if using an existing certificate or LetsEncrypt If true (default), the operator will create a self signed Ingress certificate. The number of seconds of inactivity before the session is terminated, also the length of the refresh token's session NOTE: network.openunison_host and network.dashboard_host This is what kubectl will interact with to access your cluster. The host name to use for the api server reverse proxy. NOTE: network.openunison_host and network.dashboard_host Both network.openunison_host and network.dashboard_host MUST point to OpenUnison
This is what users will put into the browser to access to the dashboard. This is what user's will put into their browser to login to Kubernetes
UNISON LOGIN UPDATE
This should be long and random, with no ampersands ( &)Ĭopy values.yaml ( ) and update as appropriate: Property
UNISON LOGIN PASSWORD
The password for OpenUnison's keystore, should NOT contain an ampersand ( &)Ī random string of characters used to secure the SSO process with the dashboard. The password for the ldap service account used to communicate with Active Directory/LDAP Create a secret for your Active Directory password.Add Tremolo Security's Helm repo to your own.The certificate authority certificate for your Active Directory forest.The Nginx Ingress Controller deployed ( ).Prior to deploying Orchestra you will need: This 11 minute video shows the entire deployment and user onboarding process All objects for session state are stored as CRDs. The login portal has no external dependencies outside of Active Directory and Kubernetes. OpenUnison will inject the user's identity into each request, allowing the dashboard to act on their behalf. When a user accesses Kubernetes using Orchestra, they'll access both the login portal and the dashboard through OpenUnison (instead of directly via an ingress). The portal runs inside of Kubernetes, leveraging Kubernetes for scalability, secret management and deployment. Orchestra Login Portal provides a login portal for Kubernetes that allows you to authenticate with your Active Directory credentials, use Active Directory groups for RBAC authorizations and provides integration for both kubectl and the Kubernetes Dashboard ( ). Short video of logging into Kubernetes and using kubectl using Active Directory It will continue to be updated until, however new features will not be added to this repo. Please go to to integrate your cluster with OpenUnison.
Orchestra Login Portal for ActiveDirectory
0 kommentar(er)
