1. 编辑kubesphere-config

kubectl edit cm kubesphere-config -n kubesphere-system

2.添加ldap配置

apiVersion: v1
data:
  kubesphere.yaml: |
    authentication:
      authenticateRateLimiterMaxTries: 10
      authenticateRateLimiterDuration: 10m0s
      loginHistoryRetentionPeriod: 168h
      maximumClockSkew: 10s
      multipleLogin: True
      kubectlImage: kubesphere/kubectl:v1.0.0
      jwtSecret: "sCfn9NZTPFi4efB8nHFVTgnRhjAqoBI8"
      oauthOptions:
        accessTokenMaxAge: 1h
        accessTokenInactivityTimeout: 30m
        identityProviders:
        - name: ldap
          type: LDAPIdentityProvider
          mappingMethod: auto
          provider:
            host: x.x.x.x:389 # 此处填写ldap地址
            managerDN: ' ' # 此处填写在搜索阶段用于绑定的DN
            managerPassword: ' ' #此处填写在搜索阶段用于绑定的密码
            userSearchBase: ' ' #此处填写base DN
            loginAttribute: sAMAccountName
            mailAttribute: mail

3. 重启kubesphere api

kubectl -n kubesphere-system rollout restart deploy ks-apiserver

4. 以windows AD登陆

用ad账号登录，默认为普通成员

image.png

参考

• https://kubesphere.com.cn/docs/access-control-and-account-management/configuring-authentication/