Join Kubernetes to Azure AD for authentication

Venkata Chitturi
DevOps Process and Tools
1 min read · Apr 27, 2018

This article walks through configuring Kubernetes to authenticate users against Azure Active Directory (Azure AD) using OpenID Connect, and then binding those users to Kubernetes RBAC roles.

1- We need to create two Azure AD app registrations.

The first app is a web app that represents the Kubernetes API server; create it with:

az ad app create --native-app false --display-name APP_NAME --homepage SOME_HOME_PAGE --identifier-uris SOMEURI

The second app is a native (public client) app that represents kubectl and requests access to the first app:

az ad app create --native-app true --display-name Native_App_Name --homepage SOME_HOME_PAGE --required-resource-accesses @manifest.json

where manifest.json lists the permission the native app needs on the API server app. resourceAppId is the Application ID of the API server (web) app, and the resourceAccess id is the ID of the OAuth2 permission scope that app exposes (angle-bracket values are placeholders):

[
  {
    "resourceAppId": "<kubeapi-app-id>",
    "resourceAccess": [
      { "id": "<kubeapi-app-scope-id>", "type": "Scope" }
    ]
  }
]

Configure the kubectl config (~/.kube/config). The azure auth-provider needs the tenant ID, the Application ID of the API server app (apiserver-id) and the Application ID of the native app (client-id); angle-bracket values are placeholders:

apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: <base64-encoded-ca-cert>
    server: https://<api-server-address>
  name: sandbox
contexts:
- context:
    cluster: sandbox
    user: <user-name>
  name: ps
current-context: ps
kind: Config
preferences: {}
users:
- name: <user-name>
  user:
    auth-provider:
      config:
        environment: AzurePublicCloud
        apiserver-id: <kubeapi-app-id>
        client-id: <kubectl-app-id>
        tenant-id: <tenant-id>
      name: azure

Create a role binding for the Azure AD user. Because the API server is configured with --oidc-username-claim=upn and no --oidc-username-prefix, Kubernetes prefixes the username with the issuer URL followed by "#", so the subject name must be written in that form:

apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  name: aad-cluster-admin
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- apiGroup: rbac.authorization.k8s.io
  kind: User
  name: https://sts.windows.net/<tenant-id>/#<username>

Modify the kube-apiserver manifest (kube-apiserver.yml) so the API server trusts tokens issued by the Azure AD tenant for the API server app, and enables RBAC:

- "--authorization-mode=RBAC"
- "--oidc-client-id=spn:<kubeapi-app-id>"
- "--oidc-issuer-url=https://sts.windows.net/<tenant-id>/"
- "--oidc-username-claim=upn"
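The three pieces of configuration above (API server flags, the kubeconfig auth-provider block, and the ClusterRoleBinding subject) must agree with each other, and a mismatch usually shows up only as an opaque "Unauthorized" or "forbidden" from kubectl. The following checker is an added example, not part of the original article: it encodes the consistency rules (the spn: audience must match apiserver-id, the issuer URL must contain the kubeconfig tenant, the binding subject must equal the username the API server derives from the token) and applies them to constructed sample values. All IDs, the helper names and the sample UPN are made up for the example.

```python
"""Consistency check for Azure AD / Kubernetes OIDC configuration.

Added example: checks that kube-apiserver flags, the kubeconfig azure
auth-provider block and a ClusterRoleBinding subject agree with each other.
All IDs and names below are constructed placeholders, not real values.
"""

# Constructed placeholder IDs (not real tenant or application IDs).
TENANT_ID = "11111111-2222-3333-4444-555555555555"
KUBEAPI_APP_ID = "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"  # web app: API server
KUBECTL_APP_ID = "ffffffff-0000-1111-2222-333333333333"  # native app: kubectl

# kube-apiserver flags as they would appear in the manifest (constructed).
APISERVER_FLAGS = [
    "--authorization-mode=RBAC",
    f"--oidc-client-id=spn:{KUBEAPI_APP_ID}",
    f"--oidc-issuer-url=https://sts.windows.net/{TENANT_ID}/",
    "--oidc-username-claim=upn",
]

# The auth-provider block of the kubeconfig user entry (constructed).
KUBECONFIG_AUTH_PROVIDER = {
    "name": "azure",
    "config": {
        "environment": "AzurePublicCloud",
        "apiserver-id": KUBEAPI_APP_ID,
        "client-id": KUBECTL_APP_ID,
        "tenant-id": TENANT_ID,
    },
}


def parse_flags(flags):
    """Turn ['--k=v', ...] into {'k': 'v', ...}; a flag without '=' maps to ''."""
    parsed = {}
    for flag in flags:
        key, _, value = flag.lstrip("-").partition("=")
        parsed[key] = value
    return parsed


def kubernetes_username(flags, claim_value):
    """Username kube-apiserver derives from the ID token.

    Rules: with --oidc-username-claim=email the claim is used as-is; for any
    other claim and no --oidc-username-prefix, the issuer URL plus '#' is
    prepended; a prefix of '-' disables prefixing; any other prefix is used
    literally.
    """
    f = parse_flags(flags)
    if f.get("oidc-username-claim", "sub") == "email":
        return claim_value
    prefix = f.get("oidc-username-prefix")
    if prefix is None:
        return f["oidc-issuer-url"] + "#" + claim_value
    if prefix == "-":
        return claim_value
    return prefix + claim_value


def check_consistency(flags, auth_provider, binding_subject_name, upn):
    """Return a list of human-readable problems; an empty list means consistent."""
    problems = []
    f = parse_flags(flags)
    cfg = auth_provider["config"]

    # 1. Audience: tokens are issued for the API server app, so the server must
    #    expect exactly 'spn:<apiserver-id>' from the kubeconfig.
    if f.get("oidc-client-id") != "spn:" + cfg["apiserver-id"]:
        problems.append("oidc-client-id does not match kubeconfig apiserver-id")

    # 2. Issuer: the tenant in the issuer URL must be the kubeconfig tenant.
    if f.get("oidc-issuer-url") != f"https://sts.windows.net/{cfg['tenant-id']}/":
        problems.append("oidc-issuer-url tenant does not match kubeconfig tenant-id")

    # 3. Subject: the binding only takes effect if its name is the username the
    #    API server will actually derive from the token.
    expected = kubernetes_username(flags, upn)
    if binding_subject_name != expected:
        problems.append(
            f"ClusterRoleBinding subject {binding_subject_name!r} "
            f"does not match derived username {expected!r}"
        )

    # 4. Authorization: without RBAC the binding is never consulted.
    if "RBAC" not in f.get("authorization-mode", "").split(","):
        problems.append("authorization-mode does not include RBAC")
    return problems


if __name__ == "__main__":
    sample_upn = "alice@example.com"  # constructed user
    subject = kubernetes_username(APISERVER_FLAGS, sample_upn)
    print("binding subject should be:", subject)
    print("problems:", check_consistency(APISERVER_FLAGS, KUBECONFIG_AUTH_PROVIDER, subject, sample_upn))
```

Run it as a script to print the subject name the ClusterRoleBinding needs for a given UPN; feed it your own flag list and auth-provider block to spot an audience or issuer mismatch before debugging a failed login. The username rule it encodes is the one kube-apiserver applies, which is why the binding subject in the article carries the issuer URL and "#" in front of the user name.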
