Integrating the dashboard with OpenUnison
Chapter 5, Integrating Authentication into Your Cluster, covered how OpenUnison injected identity headers using impersonation, but not how OpenUnison injected the user's identity into the dashboard with an OpenID Connect-integrated cluster. It worked, but it wasn't explained. This section uses the OpenUnison implementation as an example of how to build a reverse proxy for the dashboard. Use the information in this section to get a better understanding of API security or to build your own solution for dashboard authentication.
The OpenUnison deployment comprises two integrated applications:
- The OpenID Connect Identity Provider & Login Portal: This application hosts the login process and the discovery URLs used by the API server to get the keys needed to validate an id_token. It also hosts the screens where you can obtain your token for kubectl.
- The dashboard: A reverse proxy application...