Jay

Reputation: 506

How to configure custom ldap based authentication for GKE nodes?

We have a private GKE cluster and users want to SSH into the worker nodes. Currently we inject their SSH keys to enable login or ask them to use the gcloud compute ssh command. Trying to understand if there is any way to configure custom LDAP, so that we can avoid key-based authentication and use LDAP. Please let me know if you have any other suggestions as well. Thanks!

Upvotes: 0

Views: 324

Answers (1)

Sam Stoelinga

Reputation: 5021

You can utilize OS Login with GKE now, which does what you need: https://cloud.google.com/kubernetes-engine/docs/how-to/enable-oslogin

I'm assuming your LDAP users are already in Cloud Identity due to some syncing happening between LDAP and Cloud Identity.

From the docs: Once you have enabled the OS Login organization policy, you no longer need to manage SSH keys to make authorization decisions. OS Login moves authorization management to Identity and Access Management. To manage SSH access to nodes, use OS Login. For more details, see Setting up OS Login.

Upvotes: 3
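Since OS Login moves node SSH authorization into IAM, the project's IAM policy becomes the place to review who can log in. The script below is an added example, not part of the answer or of Google's documentation: it lists the principals holding the predefined OS Login roles in a policy exported with `gcloud projects get-iam-policy PROJECT_ID --format=json`. The sample policy, the member names and the function name `ssh_principals` are constructed for illustration.

```python
import json

# Predefined IAM roles that allow SSH to VMs (GKE nodes included) under OS Login.
# Broad roles such as roles/owner also carry the underlying permissions; add
# them to this map if the audit should cover them too.
OS_LOGIN_ROLES = {"roles/compute.osLogin": "user", "roles/compute.osAdminLogin": "sudo"}
RANK = {"user": 1, "sudo": 2}

# Constructed sample in the shape of `gcloud projects get-iam-policy --format=json`.
SAMPLE_POLICY = """
{
  "bindings": [
    {"role": "roles/compute.osLogin",
     "members": ["group:gke-devs@example.com", "user:alice@example.com"]},
    {"role": "roles/compute.osAdminLogin",
     "members": ["user:alice@example.com"],
     "condition": {"title": "until-2030",
                   "expression": "request.time < timestamp('2030-01-01T00:00:00Z')"}},
    {"role": "roles/container.developer",
     "members": ["user:bob@example.com"]}
  ],
  "version": 3
}
"""

def ssh_principals(policy_json):
    """Return {member: {"level": "user" or "sudo", "conditional": bool}}."""
    best = {}
    for binding in json.loads(policy_json).get("bindings", []):
        level = OS_LOGIN_ROLES.get(binding.get("role"))
        if level is None:
            continue  # role does not grant OS Login access by itself
        # Rank by privilege first, then prefer an unconditional grant.
        grant = (RANK[level], "condition" not in binding, level)
        for member in binding.get("members", []):
            if member not in best or grant[:2] > best[member][:2]:
                best[member] = grant
    return {m: {"level": g[2], "conditional": not g[1]} for m, g in best.items()}

if __name__ == "__main__":
    for member, grant in sorted(ssh_principals(SAMPLE_POLICY).items()):
        note = " (conditional)" if grant["conditional"] else ""
        print(f"{member}: {grant['level']}{note}")
```

Group members are reported as the group itself, so group membership still has to be reviewed in Cloud Identity.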
