In this article, we will briefly explain the integration paths and provide examples for integrating the Dex open-source service with JumpCloud\u2019s cloud LDAP endpoint. <\/p>\n\n\n\n
Overview<\/h2>\n\n\n\n
Before we begin, the reader should familiarize themselves with two key external resources which will underpin this brief article. The first is related to\u00a0Dex\u00a0itself. Dex is an open source OIDC (OpenID Connect) authentication service\u00a0launched by CoreOS<\/a>. This service provides an essential abstraction layer between other services (e.g. an app, microservice or a Kubernetes cluster itself) and sources of identity such as LDAP, Google, Linkedin, etc. \u00a0<\/p>\n\n\n\n The second is a great piece by\u00a0Medium author, Krishna<\/a>, who was the inspiration for our piece and a deep dive on integrating a Kubernetes-based service with\u00a0JumpCloud\u2019s Cloud LDAP<\/a>.<\/p>\n\n\n\n In Krishna\u2019s article, he lays out an extremely simple model to follow. His tutorial, offered on his GitHub repo, \u201cKubernetes \u2013 LDAP authentication with Dex<\/a>\u201d, establishes a Kubernetes environment, lays down a simple app and associated services, \u201cloginapp\u201d, in addition to all of the Dex infrastructure required to integrate the app to authenticate with an LDAP service (JumpCloud in this case).<\/p>\n\n\n\n The simple interaction that is unpacked is generally, not precisely, as you see below in this sequence diagram:<\/p>\n\n\n <\/a><\/p>\n\n\n\n This article will not serve as the instructions for building out Krishna\u2019s demo environment. We assume the reader has the skills to do so, and specific questions if they arise, should be directed to\u00a0Krishna<\/a>.<\/p>\n\n\n\n In the steps Krishna details, the critical area as it relates to integrating with JumpCloud specifically relates to the\u00a0dex-cm.yml<\/strong>\u00a0config file. It is here that the parameters to point the Dex service to the JumpCloud LDAP endpoint must be input. As a prerequisite to understanding JumpCloud\u2019s LDAP structure, readers should review our instructional guide to setting up the cloud directory service\u2026 \u2013 e.g., establishing LDAP BindDN service accounts, selecting users in the directory that should be presented via our LDAP service and more\u00a0can be found here<\/a>. This article is foundational, easy to follow, and will prepare your JumpCloud\u2019s Cloud LDAP and its user and groups correctly. Once set up, you can even\u00a0practice native ldapsearch queries<\/a>\u00a0against it to see how the Dex service will do so in kind, behind the scenes once integrated.<\/p>\n\n\n\n Below is a sample of the Dex Yaml file. Where you see \u2018-\u2019 we have left what the file contained as defaults. Where you see \u2018+\u2019 you can see what we modified to talk accurately to JumpCloud\u2019s Cloud LDAP.<\/p>\n\n\n\n With the file configured as you see above, and given Krishna\u2019s instruction set was straight forward, the process was relatively quick to get LDAP-backed authentication for Kubernetes working. Note, we have leveraged Krishna\u2019s example to demonstrate LDAP authentication<\/a> of his \u2018loginapp\u2019, yet this same process can be leveraged to point the Kubernetes Dashboard, via Dex, to also use JumpCloud\u2019s LDAP for its own directory-based authentication.<\/p>\n\n\n\n You may want to visit GitHub contributor, Parallax, to\u00a0leverage their examples<\/a>\u00a0using JumpCloud LDAP to integrate with the Kubernetes Dashboard.<\/p>\n\n\n\n Of course, you can always\u00a0reach out to us directly<\/a>\u00a0for information or visit our\u00a0Knowledge Base<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":" Learn how to manage Kubernetes container\/orchestration authentication with DEX and LDAP from the cloud in this engineering blog post. <\/p>\n","protected":false},"author":30,"featured_media":30171,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_oasis_is_in_workflow":0,"_oasis_original":0,"_oasis_task_priority":"","inline_featured_image":false,"footnotes":""},"categories":[42],"tags":[],"collection":[],"platform":[],"funnel_stage":[3016],"coauthors":[2516],"acf":[],"yoast_head":"\nConfiguring Kubernetes to LDAP<\/h2>\n\n\n\n
![\"kubernetes-ldap-diagram\"\/](\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2019\/03\/kubernetes-ldap-diagram-1030x323.png\")
<\/figure><\/div>\n\n\nImplementation with JumpCloud LDAP<\/h2>\n\n\n\n
$ cat changes.txt \ndiff –git a\/dex-cm.yml b\/dex-cm.yml\nindex 40fd682..d2877d3 100644\n— a\/dex-cm.yml\n+++ b\/dex-cm.yml\n@@ -5,7 +5,7 @@ metadata:\n namespace: auth\n data:\n config.yaml: |\n– issuer: https:\/\/dex.k8s.example.org\/dex\n+ issuer: https:\/\/dex.k8s.example.org:32000\/dex\n storage:\n type: kubernetes\n config:\n@@ -29,18 +29,18 @@ data:\n # If the port is not supplied, it will be guessed based on “insecureNoSSL”,\n # and “startTLS” flags. 389 for insecure or StartTLS connections, 636\n # otherwise.\n– host: ldap.k8s.example.org:389\n+ host: ldap.jumpcloud.com:636\n\n # Following field is required if the LDAP host is not using TLS (port 389).\n # Because this option inherently leaks passwords to anyone on the same network\n # as dex, THIS OPTION MAY BE REMOVED WITHOUT WARNING IN A FUTURE RELEASE.\n #\n– insecureNoSSL: true\n+ insecureNoSSL: false\n # If a custom certificate isn’t provide, this option can be used to turn on\n # TLS certificate checks. As noted, it is insecure and shouldn’t be used outside\n # of explorative phases.\n #\n– insecureSkipVerify: true\n+ insecureSkipVerify: false\n # When connecting to the server, connect using the ldap:\/\/ protocol then issue\n # a StartTLS command. If unspecified, connections will use the ldaps:\/\/ protocol\n #\n@@ -54,16 +54,16 @@ data:\n # server provides access for anonymous auth.\n # Please note that if the bind password contains a `$`, it has to be saved in an\n # environment variable which should be given as the value to `bindPW`.\n– bindDN: cn=admin,dc=example,dc=org\n– bindPW: admin\n+ bindDN: uid=<redacted>,ou=Users,o=<redacted Org ID>,dc=jumpcloud,dc=com\n+ bindPW: ‘<redacted>’\n\n # User search maps a username and password entered by a user to a LDAP entry.\n userSearch:\n # BaseDN to start the search from. It will translate to the query\n # “(&(objectClass=person)(uid=<username>))”.\n– baseDN: ou=People,dc=example,dc=org\n+ baseDN: ou=Users,o=<redacted Org ID>,dc=jumpcloud,dc=com\n # Optional filter to apply when searching the directory.\n– filter: “(objectClass=posixAccount)”\n+ filter: “(objectClass=inetOrgPerson)”\n # username attribute used for comparing user entries. This will be translated\n # and combine with the other filter as “(<attr>=<username>)”.\n username: mail\n@@ -73,20 +73,20 @@ data:\n # Required. Attribute to map to Email.\n emailAttr: mail\n # Maps to display name of users. No default value.\n– nameAttr: uid\n+ nameAttr: cn\n\n # Group search queries for groups given a user entry.\n groupSearch:\n # BaseDN to start the search from. It will translate to the query\n # “(&(objectClass=group)(member=<user uid>))”.\n– baseDN: ou=Groups,dc=example,dc=org\n+ baseDN: ou=Users,o=<redacted Org ID>,dc=jumpcloud,dc=com\n # Optional filter to apply when searching the directory.\n– filter: “(objectClass=posixGroup)”\n+ filter: “(objectClass=groupOfNames)”\n # Following two fields are used to match a user to a group. It adds an additional\n # requirement to the filter that an attribute in the group must match the user’s\n # attribute value.\n– userAttr: uid\n– groupAttr: memberUid\n+ userAttr: DN\n+ groupAttr: member\n # Represents group name.\n nameAttr: cn\n oauth2:<\/pre>\n\n\n\n
Additional Resources<\/h2>\n\n\n\n
![<\/a><\/p>\n\n\n\nThis article will not serve as the instructions for building out Krishna\u2019s demo environment. We assume the reader has the skills to do so, and specific questions if they arise, should be directed to\u00a0Krishna<\/a>.<\/p>\n\n\n\nImplementation with JumpCloud LDAP<\/h2>\n\n\n\nIn the steps Krishna details, the critical area as it relates to integrating with JumpCloud specifically relates to the\u00a0dex-cm.yml<\/strong>\u00a0config file. It is here that the parameters to point the Dex service to the JumpCloud LDAP endpoint must be input. As a prerequisite to understanding JumpCloud\u2019s LDAP structure, readers should review our instructional guide to setting up the cloud directory service\u2026 \u2013 e.g., establishing LDAP BindDN service accounts, selecting users in the directory that should be presented via our LDAP service and more\u00a0can be found here<\/a>. This article is foundational, easy to follow, and will prepare your JumpCloud\u2019s Cloud LDAP and its user and groups correctly. Once set up, you can even\u00a0practice native ldapsearch queries<\/a>\u00a0against it to see how the Dex service will do so in kind, behind the scenes once integrated.<\/p>\n\n\n\nBelow is a sample of the Dex Yaml file. Where you see \u2018-\u2019 we have left what the file contained as defaults. Where you see \u2018+\u2019 you can see what we modified to talk accurately to JumpCloud\u2019s Cloud LDAP.<\/p>\n\n\n\n $ cat changes.txt \ndiff –git a\/dex-cm.yml b\/dex-cm.yml\nindex 40fd682..d2877d3 100644\n— a\/dex-cm.yml\n+++ b\/dex-cm.yml\n@@ -5,7 +5,7 @@ metadata:\n namespace: auth\n data:\n config.yaml: |\n– issuer: https:\/\/dex.k8s.example.org\/dex\n+ issuer: https:\/\/dex.k8s.example.org:32000\/dex\n storage:\n type: kubernetes\n config:\n@@ -29,18 +29,18 @@ data:\n # If the port is not supplied, it will be guessed based on “insecureNoSSL”,\n # and “startTLS” flags. 389 for insecure or StartTLS connections, 636\n # otherwise.\n– host: ldap.k8s.example.org:389\n+ host: ldap.jumpcloud.com:636\n\n # Following field is required if the LDAP host is not using TLS (port 389).\n # Because this option inherently leaks passwords to anyone on the same network\n # as dex, THIS OPTION MAY BE REMOVED WITHOUT WARNING IN A FUTURE RELEASE.\n #\n– insecureNoSSL: true\n+ insecureNoSSL: false\n # If a custom certificate isn’t provide, this option can be used to turn on\n # TLS certificate checks. As noted, it is insecure and shouldn’t be used outside\n # of explorative phases.\n #\n– insecureSkipVerify: true\n+ insecureSkipVerify: false\n # When connecting to the server, connect using the ldap:\/\/ protocol then issue\n # a StartTLS command. If unspecified, connections will use the ldaps:\/\/ protocol\n #\n@@ -54,16 +54,16 @@ data:\n # server provides access for anonymous auth.\n # Please note that if the bind password contains a `$`, it has to be saved in an\n # environment variable which should be given as the value to `bindPW`.\n– bindDN: cn=admin,dc=example,dc=org\n– bindPW: admin\n+ bindDN: uid=<redacted>,ou=Users,o=<redacted Org ID>,dc=jumpcloud,dc=com\n+ bindPW: ‘<redacted>’\n\n # User search maps a username and password entered by a user to a LDAP entry.\n userSearch:\n # BaseDN to start the search from. It will translate to the query\n # “(&(objectClass=person)(uid=<username>))”.\n– baseDN: ou=People,dc=example,dc=org\n+ baseDN: ou=Users,o=<redacted Org ID>,dc=jumpcloud,dc=com\n # Optional filter to apply when searching the directory.\n– filter: “(objectClass=posixAccount)”\n+ filter: “(objectClass=inetOrgPerson)”\n # username attribute used for comparing user entries. This will be translated\n # and combine with the other filter as “(<attr>=<username>)”.\n username: mail\n@@ -73,20 +73,20 @@ data:\n # Required. Attribute to map to Email.\n emailAttr: mail\n # Maps to display name of users. No default value.\n– nameAttr: uid\n+ nameAttr: cn\n\n # Group search queries for groups given a user entry.\n groupSearch:\n # BaseDN to start the search from. It will translate to the query\n # “(&(objectClass=group)(member=<user uid>))”.\n– baseDN: ou=Groups,dc=example,dc=org\n+ baseDN: ou=Users,o=<redacted Org ID>,dc=jumpcloud,dc=com\n # Optional filter to apply when searching the directory.\n– filter: “(objectClass=posixGroup)”\n+ filter: “(objectClass=groupOfNames)”\n # Following two fields are used to match a user to a group. It adds an additional\n # requirement to the filter that an attribute in the group must match the user’s\n # attribute value.\n– userAttr: uid\n– groupAttr: memberUid\n+ userAttr: DN\n+ groupAttr: member\n # Represents group name.\n nameAttr: cn\n oauth2:<\/pre>\n\n\n\nWith the file configured as you see above, and given Krishna\u2019s instruction set was straight forward, the process was relatively quick to get LDAP-backed authentication for Kubernetes working. Note, we have leveraged Krishna\u2019s example to demonstrate LDAP authentication<\/a> of his \u2018loginapp\u2019, yet this same process can be leveraged to point the Kubernetes Dashboard, via Dex, to also use JumpCloud\u2019s LDAP for its own directory-based authentication.<\/p>\n\n\n\nAdditional Resources<\/h2>\n\n\n\nYou may want to visit GitHub contributor, Parallax, to\u00a0leverage their examples<\/a>\u00a0using JumpCloud LDAP to integrate with the Kubernetes Dashboard.<\/p>\n\n\n\nOf course, you can always\u00a0reach out to us directly<\/a>\u00a0for information or visit our\u00a0Knowledge Base<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"Learn how to manage Kubernetes container\/orchestration authentication with DEX and LDAP from the cloud in this engineering blog post. <\/p>\n","protected":false},"author":30,"featured_media":30171,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_oasis_is_in_workflow":0,"_oasis_original":0,"_oasis_task_priority":"","inline_featured_image":false,"footnotes":""},"categories":[42],"tags":[],"collection":[],"platform":[],"funnel_stage":[3016],"coauthors":[2516],"acf":[],"yoast_head":"\nKubernetes Authentication using Dex and LDAP - JumpCloud<\/title>\n<meta name=\"description\" content=\"Learn how to manage Kubernetes container\/orchestration authentication with DEX and LDAP from the cloud in this engineering blog post.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/jumpcloud.com\/blog\/kubernetes-auth-dex-ldap\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Kubernetes Authentication using Dex and LDAP\" \/>\n<meta property=\"og:description\" content=\"Learn how to manage Kubernetes container\/orchestration authentication with DEX and LDAP from the cloud in this engineering blog post.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/jumpcloud.com\/blog\/kubernetes-auth-dex-ldap\" \/>\n<meta property=\"og:site_name\" content=\"JumpCloud\" \/>\n<meta property=\"article:published_time\" content=\"2019-03-22T18:00:43+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2022-11-03T21:51:54+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2019\/03\/kubernetes-jumpcloud-auth.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1920\" \/>\n\t<meta property=\"og:image:height\" content=\"1080\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Greg Keller\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Greg Keller\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/jumpcloud.com\/blog\/kubernetes-auth-dex-ldap#article\",\"isPartOf\":{\"@id\":\"https:\/\/jumpcloud.com\/blog\/kubernetes-auth-dex-ldap\"},\"author\":{\"name\":\"Greg Keller\",\"@id\":\"https:\/\/jumpcloud.com\/#\/schema\/person\/33bf05bce1792138e1fac8878933c1f6\"},\"headline\":\"Kubernetes Authentication using Dex and LDAP\",\"datePublished\":\"2019-03-22T18:00:43+00:00\",\"dateModified\":\"2022-11-03T21:51:54+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/jumpcloud.com\/blog\/kubernetes-auth-dex-ldap\"},\"wordCount\":661,\"publisher\":{\"@id\":\"https:\/\/jumpcloud.com\/#organization\"},\"image\":{\"@id\":\"https:\/\/jumpcloud.com\/blog\/kubernetes-auth-dex-ldap#primaryimage\"},\"thumbnailUrl\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2019\/03\/kubernetes-jumpcloud-auth.jpg\",\"articleSection\":[\"News\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/jumpcloud.com\/blog\/kubernetes-auth-dex-ldap\",\"url\":\"https:\/\/jumpcloud.com\/blog\/kubernetes-auth-dex-ldap\",\"name\":\"Kubernetes Authentication using Dex and LDAP - JumpCloud\",\"isPartOf\":{\"@id\":\"https:\/\/jumpcloud.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/jumpcloud.com\/blog\/kubernetes-auth-dex-ldap#primaryimage\"},\"image\":{\"@id\":\"https:\/\/jumpcloud.com\/blog\/kubernetes-auth-dex-ldap#primaryimage\"},\"thumbnailUrl\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2019\/03\/kubernetes-jumpcloud-auth.jpg\",\"datePublished\":\"2019-03-22T18:00:43+00:00\",\"dateModified\":\"2022-11-03T21:51:54+00:00\",\"description\":\"Learn how to manage Kubernetes container\/orchestration authentication with DEX and LDAP from the cloud in this engineering blog post.\",\"breadcrumb\":{\"@id\":\"https:\/\/jumpcloud.com\/blog\/kubernetes-auth-dex-ldap#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/jumpcloud.com\/blog\/kubernetes-auth-dex-ldap\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/jumpcloud.com\/blog\/kubernetes-auth-dex-ldap#primaryimage\",\"url\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2019\/03\/kubernetes-jumpcloud-auth.jpg\",\"contentUrl\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2019\/03\/kubernetes-jumpcloud-auth.jpg\",\"width\":1920,\"height\":1080},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/jumpcloud.com\/blog\/kubernetes-auth-dex-ldap#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/jumpcloud.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Kubernetes Authentication using Dex and LDAP\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/jumpcloud.com\/#website\",\"url\":\"https:\/\/jumpcloud.com\/\",\"name\":\"JumpCloud\",\"description\":\"Daily insights on directory services, IAM, LDAP, identity security, SSO, system management (Mac, Windows, Linux), networking, and the cloud.\",\"publisher\":{\"@id\":\"https:\/\/jumpcloud.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/jumpcloud.com\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/jumpcloud.com\/#organization\",\"name\":\"JumpCloud\",\"url\":\"https:\/\/jumpcloud.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png\",\"contentUrl\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png\",\"width\":598,\"height\":101,\"caption\":\"JumpCloud\"},\"image\":{\"@id\":\"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/jumpcloud.com\/#\/schema\/person\/33bf05bce1792138e1fac8878933c1f6\",\"name\":\"Greg Keller\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/jumpcloud.com\/#\/schema\/person\/image\/bb829f9c68b309c7d66b61d4436f8afa\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/1329dd1fe0f66c8a37039a19f3169d11?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/1329dd1fe0f66c8a37039a19f3169d11?s=96&d=mm&r=g\",\"caption\":\"Greg Keller\"},\"description\":\"JumpCloud CTO, Greg Keller is a career product visionary and executive management leader. With over two decades of product management, product marketing, and operations experience ranging from startups to global organizations, Greg excels in successful go-to-market execution.\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Kubernetes Authentication using Dex and LDAP - JumpCloud","description":"Learn how to manage Kubernetes container\/orchestration authentication with DEX and LDAP from the cloud in this engineering blog post.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/jumpcloud.com\/blog\/kubernetes-auth-dex-ldap","og_locale":"en_US","og_type":"article","og_title":"Kubernetes Authentication using Dex and LDAP","og_description":"Learn how to manage Kubernetes container\/orchestration authentication with DEX and LDAP from the cloud in this engineering blog post.","og_url":"https:\/\/jumpcloud.com\/blog\/kubernetes-auth-dex-ldap","og_site_name":"JumpCloud","article_published_time":"2019-03-22T18:00:43+00:00","article_modified_time":"2022-11-03T21:51:54+00:00","og_image":[{"width":1920,"height":1080,"url":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2019\/03\/kubernetes-jumpcloud-auth.jpg","type":"image\/jpeg"}],"author":"Greg Keller","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Greg Keller","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/jumpcloud.com\/blog\/kubernetes-auth-dex-ldap#article","isPartOf":{"@id":"https:\/\/jumpcloud.com\/blog\/kubernetes-auth-dex-ldap"},"author":{"name":"Greg Keller","@id":"https:\/\/jumpcloud.com\/#\/schema\/person\/33bf05bce1792138e1fac8878933c1f6"},"headline":"Kubernetes Authentication using Dex and LDAP","datePublished":"2019-03-22T18:00:43+00:00","dateModified":"2022-11-03T21:51:54+00:00","mainEntityOfPage":{"@id":"https:\/\/jumpcloud.com\/blog\/kubernetes-auth-dex-ldap"},"wordCount":661,"publisher":{"@id":"https:\/\/jumpcloud.com\/#organization"},"image":{"@id":"https:\/\/jumpcloud.com\/blog\/kubernetes-auth-dex-ldap#primaryimage"},"thumbnailUrl":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2019\/03\/kubernetes-jumpcloud-auth.jpg","articleSection":["News"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/jumpcloud.com\/blog\/kubernetes-auth-dex-ldap","url":"https:\/\/jumpcloud.com\/blog\/kubernetes-auth-dex-ldap","name":"Kubernetes Authentication using Dex and LDAP - JumpCloud","isPartOf":{"@id":"https:\/\/jumpcloud.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/jumpcloud.com\/blog\/kubernetes-auth-dex-ldap#primaryimage"},"image":{"@id":"https:\/\/jumpcloud.com\/blog\/kubernetes-auth-dex-ldap#primaryimage"},"thumbnailUrl":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2019\/03\/kubernetes-jumpcloud-auth.jpg","datePublished":"2019-03-22T18:00:43+00:00","dateModified":"2022-11-03T21:51:54+00:00","description":"Learn how to manage Kubernetes container\/orchestration authentication with DEX and LDAP from the cloud in this engineering blog post.","breadcrumb":{"@id":"https:\/\/jumpcloud.com\/blog\/kubernetes-auth-dex-ldap#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/jumpcloud.com\/blog\/kubernetes-auth-dex-ldap"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/jumpcloud.com\/blog\/kubernetes-auth-dex-ldap#primaryimage","url":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2019\/03\/kubernetes-jumpcloud-auth.jpg","contentUrl":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2019\/03\/kubernetes-jumpcloud-auth.jpg","width":1920,"height":1080},{"@type":"BreadcrumbList","@id":"https:\/\/jumpcloud.com\/blog\/kubernetes-auth-dex-ldap#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/jumpcloud.com\/"},{"@type":"ListItem","position":2,"name":"Kubernetes Authentication using Dex and LDAP"}]},{"@type":"WebSite","@id":"https:\/\/jumpcloud.com\/#website","url":"https:\/\/jumpcloud.com\/","name":"JumpCloud","description":"Daily insights on directory services, IAM, LDAP, identity security, SSO, system management (Mac, Windows, Linux), networking, and the cloud.","publisher":{"@id":"https:\/\/jumpcloud.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/jumpcloud.com\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/jumpcloud.com\/#organization","name":"JumpCloud","url":"https:\/\/jumpcloud.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/","url":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png","contentUrl":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png","width":598,"height":101,"caption":"JumpCloud"},"image":{"@id":"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/jumpcloud.com\/#\/schema\/person\/33bf05bce1792138e1fac8878933c1f6","name":"Greg Keller","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/jumpcloud.com\/#\/schema\/person\/image\/bb829f9c68b309c7d66b61d4436f8afa","url":"https:\/\/secure.gravatar.com\/avatar\/1329dd1fe0f66c8a37039a19f3169d11?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/1329dd1fe0f66c8a37039a19f3169d11?s=96&d=mm&r=g","caption":"Greg Keller"},"description":"JumpCloud CTO, Greg Keller is a career product visionary and executive management leader. With over two decades of product management, product marketing, and operations experience ranging from startups to global organizations, Greg excels in successful go-to-market execution."}]}},"_links":{"self":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/posts\/30170"}],"collection":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/users\/30"}],"replies":[{"embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/comments?post=30170"}],"version-history":[{"count":2,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/posts\/30170\/revisions"}],"predecessor-version":[{"id":71316,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/posts\/30170\/revisions\/71316"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/media\/30171"}],"wp:attachment":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/media?parent=30170"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/categories?post=30170"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/tags?post=30170"},{"taxonomy":"collection","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/collection?post=30170"},{"taxonomy":"platform","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/platform?post=30170"},{"taxonomy":"funnel_stage","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/funnel_stage?post=30170"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/coauthors?post=30170"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}](\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2019\/03\/kubernetes-ldap-diagram.png\"){kind=link}