Multi Domain Administration


Please consider the following scenario for Active Directory Authentication with Rancher.
We plan to deploy AD domains, 1 per app we are deploying - this is for regulatory purposes.
- master.local = management domain for Rancher admin cluster
- app1.local = K8S application domain 1
- app2.local = K8S application domain 2

Can the Rancher management cluster within master.local be configured to authenticate administration in both the application domains? My aim is to only have a 1-way AD trust which allows the management domain to be trusted by both app domains.


You can only configure one AD server and one subtree of that server to search. So if those are all in the same server, then you could set the search base to the root and find users from the entire tree, then give individual users/groups from different domains roles on the various resources.