This is a com.seitenbau.k8s.jwt.service that enables users in Kubernetes to authenticate via LDAP. For this a signed token is sent to the com.seitenbau.k8s.jwt.service, which contains subject, exhibitor and time of the exhibition. The signature of the token is verified with the public key and the corresponding groups are loaded from the LDAP. The algorithm is based on RS512.
openssl genrsa -out private_key.pem 4096
openssl rsa -pubout -in private_key.pem -out public_key.pem
# convert private key to pkcs8 format for java import
openssl pkcs8 -topk8 -in private_key.pem -inform pem -out private_key_pkcs8.pem -outform pem -nocrypt- pull docker image
docker pull seitenbau/k8s-ldap-webhook- run docker container overriding the default entrypoint
- needed parameters:
- –s → subject
- –i → issuer
- –f → private key file inside container
- –e → days until expiration
- –j → jwt id
- –h → show help
- needed parameters:
docker run -v /path/to/folder/with/private_key:/app/config --entrypoint ./token.sh kubeauth -s subject -i issuer -f ./config/<private_key_name>.pem- token will be printed to console
- inspect your token on jwt.io
- create application.properties according the example inside the resources folder
- copy public key in same folder as application.properties
- run container
docker run -v /path/to/config:/app/config -p 8087:8087 kubeauth- test authentication
curl --header "Content-Type: application/json" \
--request POST \
--data '{
"spec":{
"token":"your token"
}
}' \
http://localhost:8087/authnThis project was created by Seitenbau GmbH, 78467 Konstanz