Kubernetes Proxy - Radius authentication using Apache
On the Master node, install the Apache server.
Enable the required Apache modules.
Edit the Apache configuration file.
Add the following lines to the end of this file.
Create a private key and certificate using the OpenSSL command.
Enter the requested information.
In the option named COMMON_NAME, you must enter the IP address or the hostname.
In our example, we use the IP address: 192.168.15.200
Convert your existing Kubernetes proxy certificate and the key to a single file in the PEM format.
Edit the Apache configuration file for the default website.
Here is the file, before our configuration.
Here is the file, after our configuration.
Change the IP address of the configuration item named ADDRADIUSAUTH to the IP address of the Radius server.
Change the IP address of the configuration items named PROXYPASS and PROXYPASSREVERSE to the IP address of the Dashboard cluster.
Change the token value of the CI named REQUESTHEADER to the Apache secret token value created earlier.
In our example, we enabled the use of HTTPS using self-signed certificates.
In our example, we configured the use of RADIUS authentication.
Apache will represent HTTPS communication between the user and the Dashboard cluster IP address.
Apache will use a certificate and key created automatically during the Kubernetes server installation to perform mutual TLS authentication on the Dashboard.
The Apache server will add a header to all packets sent to the Dashboard.
This header is named AUTHORIZATION BEARER and contains the secret token created earlier in the Apache proxy.
Apache will also redirect HTTP users to the HTTPS version of the requested URL.
Restart the Apache service.
Open your browser and access the HTTPS version of the Apache server's IP address.
In our example, the following URL was entered in the browser:
The Apache server will require you to perform user authentication.
After a successful login, the Kubernetes Dashboard should be presented.
The Apache proxy will automatically authenticate to the Kubernetes Dashboard using the feature named: AUTH HEADER.
You have successfully completed the configuration of Apache as a proxy for the Kubernetes Dashboard.