Would you like to learn how to set up the Radius authentication of the Kubernetes Dashboard with Freeradius? In this tutorial, we are going to show you how to authenticate Kubernetes Dashboard users using the Radius protocol and the Freeradius service on a computer running Ubuntu Linux.

• Ubuntu 20
• Ubuntu 19
• Ubuntu 18
• Kubernetes 1.18

This tutorial will install a single-node Kubernetes cluster.

In our example, the IP address of the Kubernetes master node is 192.168.15.200.

In our example, the IP address of the Radius server is 192.168.15.10.

Tutorial – FreeRadius Server Installation on Ubuntu Linux

• IP – 192.168.15.10
• Operacional System – Ubuntu 20
• Hostname – FREERADIUS

On the Linux console, use the following commands to install the FreeRadius service.

Copy to Clipboard

Now, we need to add FreeRadius clients to the clients.conf;.

Locate and edit the clients.conf.

Copy to Clipboard

Add the following lines at the end of the clients.conf file.

Copy to Clipboard

In our example, we are adding 1 client device:

The device was named KUBERNETES and has the IP address 192.168.15.200.

In our example, we set the secret: KAMISAMA123.

Now, we need to add FreeRadius users to the USERS configuration file.

Find and edit the Freeradius user configuration file.

Copy to Clipboard

Add the following lines at the end of the file

Copy to Clipboard

In our example, we create a user account named ADMIN.

Restart the Freeradius server.

Copy to Clipboard

Test your radius server configuration file.

Copy to Clipboard

You have finished the Freeradius installation on Ubuntu Linux.

Tutorial Kubernetes – Master node Installation

Install the list of required packages.

Copy to Clipboard

Install the Docker service.

Copy to Clipboard

Enable the Docker service during boot.

Copy to Clipboard

Edit the Docker service configuration file.

Copy to Clipboard

Add the following configuration at the end of the item named: EXECSTART

Copy to Clipboard

Here is the file before our configuration.

Copy to Clipboard

Here is the file after our configuration.

Copy to Clipboard

Create a System configuration file.

Copy to Clipboard

Here is the file content.

Copy to Clipboard

Enable the System configuration file.

Copy to Clipboard

Edit the configuration file named: MODULES.CONF

Copy to Clipboard

Add the following configuration at the end of this file.

Copy to Clipboard

Edit the FSTAB configuration file and disable the use of Swap memory.

Copy to Clipboard

Here is the file before our configuration.

Copy to Clipboard

Here is the file after our configuration.

Copy to Clipboard

Set a unique hostname.

Copy to Clipboard

Create a file to configure the required environment variables.

Copy to Clipboard

Here is the file content.

Copy to Clipboard

Reboot the computer.

Copy to Clipboard

Download and install the Kubernetes repository key.

Copy to Clipboard

Add the official Kubernetes repository.

Copy to Clipboard

Install the Kubernetes packages.

Copy to Clipboard

Download the required Kubernetes images.

Copy to Clipboard

Here is the command output.

Copy to Clipboard

Initialize the Kubernetes cluster.

Copy to Clipboard

Here is the command output.

Copy to Clipboard

Take note of the command to add nodes to the Kubernetes cluster.

Copy to Clipboard

Set the correct file permission on the Kubernetes configuration file.

Copy to Clipboard

Install the required network configuration.

Copy to Clipboard

By default, the Kubernetes master node is not allowed to run PODS.

Optionally, enable the Kubernetes master node to run PODS.

Copy to Clipboard

In our example, we are using a single-node Kubernetes cluster.

Tutorial – Kubernetes Dashboard installation

Install the list of required packages.

Copy to Clipboard

Download the required YAML file.

Copy to Clipboard

Install the Kubernetes Dashboard.

Copy to Clipboard

Here is the command output.

Copy to Clipboard

Create a service account for the Dashboard.

Copy to Clipboard

Configure the Cluster admin role to the Dashboard service account.

Copy to Clipboard

Create a service account for the Apache proxy.

Copy to Clipboard

Configure the Cluster admin role to the Apache proxy account.

Copy to Clipboard

List the Apache secret available on the Kubernetes server.

Copy to Clipboard

Here is the command output.

Copy to Clipboard

Notice that your secret’s name will not be the same as ours.

Get the value of the Apache secret token.

Copy to Clipboard

Here is the command output.

Copy to Clipboard

Take note of the Apache token value.

In our example, this is the token value:

Copy to Clipboard

List the Dashboard service cluster IP address.

Copy to Clipboard

Here is the command output.

Copy to Clipboard

Take note of the cluster IP address and TCP port.

In our example, the Dashboard cluster is using the TCP port 443 and the IP address 10.107.55.24.

You have finished the required Dashboard configuration.

Kubernetes Proxy – Radius authentication using Apache

On the Master node, install the Apache server.

Copy to Clipboard

Enable the required Apache modules.

Copy to Clipboard

Edit the Apache configuration file.

Copy to Clipboard

Add the following lines to the end of this file.

Copy to Clipboard

Create a private key and certificate using the OpenSSL command.

Copy to Clipboard

Enter the requested information.

Copy to Clipboard

In the option named COMMON_NAME, you must enter the IP address or the hostname.

In our example, we use the IP address: 192.168.15.200

Convert your existing Kubernetes proxy certificate and the key to a single file in the PEM format.

Copy to Clipboard

Edit the Apache configuration file for the default website.

Copy to Clipboard

Here is the file, before our configuration.

Copy to Clipboard

Here is the file, after our configuration.

Copy to Clipboard

Change the IP address of the configuration item named ADDRADIUSAUTH to the IP address of the Radius server.

Change the IP address of the configuration items named PROXYPASS and PROXYPASSREVERSE to the IP address of the Dashboard cluster.

Change the token value of the CI named REQUESTHEADER to the Apache secret token value created earlier.

In our example, we enabled the use of HTTPS using self-signed certificates.

Copy to Clipboard

In our example, we configured the use of RADIUS authentication.

Copy to Clipboard

Apache will represent HTTPS communication between the user and the Dashboard cluster IP address.

Copy to Clipboard

Apache will use a certificate and key created automatically during the Kubernetes server installation to perform mutual TLS authentication on the Dashboard.

Copy to Clipboard

The Apache server will add a header to all packets sent to the Dashboard.

This header is named AUTHORIZATION BEARER and contains the secret token created earlier in the Apache proxy.

Copy to Clipboard

Apache will also redirect HTTP users to the HTTPS version of the requested URL.

Copy to Clipboard

Restart the Apache service.

Copy to Clipboard

Open your browser and access the HTTPS version of the Apache server’s IP address.

In our example, the following URL was entered in the browser:

• https://192.168.15.200

The Apache server will require you to perform user authentication.

Kubernetes Dashboard Proxy Authentication

After a successful login, the Kubernetes Dashboard should be presented.

Kubernetes Dashboard

The Apache proxy will automatically authenticate to the Kubernetes Dashboard using the feature named: AUTH HEADER.

Kubernetes dashboard Authorization bearer

You have successfully completed the configuration of Apache as a proxy for the Kubernetes Dashboard.