kubesphere集群版本v3.1.1
kubectl edit configmaps -n kubesphere-system kubesphere-config
apiVersion: v1
data:
kubesphere.yaml: |
authentication:
authenticateRateLimiterMaxTries: 10
authenticateRateLimiterDuration: 10m0s
loginHistoryRetentionPeriod: 168h
maximumClockSkew: 10s
multipleLogin: True
kubectlImage: kubesphere/kubectl:v1.18.0
jwtSecret: "KMBYll7EwpZvHeJQDIBZfVOY3emSYRMw"
# 增加部分
oauthOptions:
accessTokenMaxAge: 1h
accessTokenInactivityTimeout: 30m
identityProviders:
- name: ldap
type: LDAPIdentityProvider
mappingMethod: auto
provider:
host: 172.24.30.89:389
managerDN: cn=admin,dc=infinitas,dc=group
managerPassword: ~J@|J[MD0p;~B%y(I--11mLKqj
userSearchBase: dc=infinitas,dc=group
loginAttribute: uid
mailAttribute: mail
ldap:
host: openldap.kubesphere-system.svc:389
managerDN: cn=admin,dc=kubesphere,dc=io
managerPassword: admin
userSearchBase: ou=Users,dc=kubesphere,dc=io
groupSearchBase: ou=Groups,dc=kubesphere,dc=io
redis:
host: redis.kubesphere-system.svc
port: 6379
password: ""
db: 0
最后重启apiserver
kubectl -n kubesphere-system rollout restart deploy/ks-apiserver
标签:kubectl,kubesphere,system,dc,集群,io,ldap
From: https://www.cnblogs.com/Jarvansi/p/16761733.html