Multi Domain Administration

akarancher · November 17, 2019, 10:18am

Hi,

Please consider the following scenario for Active Directory Authentication with Rancher.
We plan to deploy AD Domains, 1 per each app we are deploying - this is for regulatory purposes.
-master.local = management domain for rancher admin cluster
-app1.local = K8S application domain 1
-app2.local = K8S application domain 2

Can rancher management cluster within master.local be configured to authenticate administration in both the application domains ? My aim is to only have a 1-way AD trust which allows management domain to be trusted by both App domains.

Thanks!

vincent · November 25, 2019, 7:46pm

You can only configure one AD server and one subtree of that server to search. So if those are all in the same server, then you could set the search base to the root and find users from the entire tree, then give individual users/groups from different domains roles on the various resources.

Topic		Replies	Views
Integration of Users from Active Directory into rancher Rancher 2.x	5	2069	September 13, 2019
Configuring External Authentication For Rancher	1	617	October 27, 2019
AD integration for Rancher Server Rancher 1.x	1	671	May 15, 2018
Google OAuth in Rancher with Multiple Domains Rancher 2.x	1	618	August 22, 2022
AD Logins for every cluster or only general Rancher 1.x	0	831	May 7, 2019

Multi Domain Administration

Related Topics