The documentation page https://docs.d2iq.com/dkp/konvoy/latest/access-authentication/howto-dex-ldap-connector/ describes how to set up user authentication using an external LDAP directory.
Dex's LDAP connector currently doesn't support multiple hosts, but we can create several connectors of the same type.
To implement LDAP redundancy, we need to create an additional LDAP connector with the same type, a different name, and a different host.
Here is an example of ldap.yaml, which should be applied with the command 'kubectl apply -f ldap.yaml':
apiVersion: v1
kind: Secret
metadata:
  name: ldap-password
  namespace: kubeaddons
type: Opaque
stringData:
  password: MyBindPassword
---
apiVersion: dex.mesosphere.io/v1alpha1
kind: Connector
metadata:
  name: ldap1
  namespace: kubeaddons
spec:
  enabled: true
  type: ldap
  displayName: LDAP1
  ldap:
    host: eu.ldap.jumpcloud.com:389
    insecureNoSSL: true
    bindDN: uid=serviceaccount,ou=Users,o=myorgid,dc=jumpcloud,dc=com
    bindSecretRef:
      name: ldap-password
    userSearch:
      baseDN: ou=Users,o=myorgid,dc=jumpcloud,dc=com
      filter: "(objectClass=inetOrgPerson)"
      username: uid
      idAttr: uid
      emailAttr: mail
    groupSearch:
      baseDN: ou=Users,o=myorgid,dc=jumpcloud,dc=com
      filter: "(objectClass=groupOfNames)"
      userAttr: DN
      groupAttr: member
      nameAttr: ou
---
apiVersion: dex.mesosphere.io/v1alpha1
kind: Connector
metadata:
  name: ldap2
  namespace: kubeaddons
spec:
  enabled: true
  type: ldap
  displayName: LDAP2
  ldap:
    host: aws-us.ldap.jumpcloud.com:389
    insecureNoSSL: true
    bindDN: uid=serviceaccount,ou=Users,o=myorgid,dc=jumpcloud,dc=com
    bindSecretRef:
      name: ldap-password
    userSearch:
      baseDN: ou=Users,o=myorgid,dc=jumpcloud,dc=com
      filter: "(objectClass=inetOrgPerson)"
      username: uid
      idAttr: uid
      emailAttr: mail
    groupSearch:
      baseDN: ou=Users,o=myorgid,dc=jumpcloud,dc=com
      filter: "(objectClass=groupOfNames)"
      userAttr: DN
      groupAttr: member
      nameAttr: ou
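A pre-apply check for a manifest like the one above, as an added example that is not part of the original page or of D2iQ's tooling: it confirms that the LDAP connectors have distinct names and hosts and otherwise identical settings, and flags insecureNoSSL, which makes Dex connect to the directory without TLS. The sample manifest, its hosts and DNs, and the function name check_ldap_redundancy are constructed for illustration; that replicas of one directory should differ only in host is an assumption.

```ruby
require 'yaml'

# Constructed, shortened manifest in the shape of ldap.yaml; hosts and DNs are placeholders.
SAMPLE = <<~YAML
  apiVersion: dex.mesosphere.io/v1alpha1
  kind: Connector
  metadata:
    name: ldap1
  spec:
    type: ldap
    ldap:
      host: ldap-a.example.com:389
      insecureNoSSL: true
      bindDN: uid=svc,ou=Users,dc=example,dc=com
  ---
  apiVersion: dex.mesosphere.io/v1alpha1
  kind: Connector
  metadata:
    name: ldap2
  spec:
    type: ldap
    ldap:
      host: ldap-a.example.com:389
      insecureNoSSL: true
      bindDN: uid=service,ou=Users,dc=example,dc=com
YAML

# Returns a list of findings for the ldap connectors in a multi-document manifest.
def check_ldap_redundancy(manifest)
  conns = YAML.load_stream(manifest).compact.select do |d|
    d['kind'] == 'Connector' && d.dig('spec', 'type') == 'ldap'
  end
  findings = []
  findings << 'fewer than two ldap connectors: no redundancy' if conns.size < 2
  names = conns.map { |c| c.dig('metadata', 'name') }
  findings << 'duplicate connector name: the later document overwrites the earlier' if names.uniq.size < names.size
  hosts = conns.map { |c| c.dig('spec', 'ldap', 'host') }
  findings << 'connectors share a host: no redundancy' if hosts.uniq.size < hosts.size
  # Assumption: connectors for replicas of one directory differ only in host.
  rest = conns.map { |c| (c.dig('spec', 'ldap') || {}).reject { |k, _| k == 'host' } }
  findings << 'ldap settings other than host differ between connectors' if rest.uniq.size > 1
  conns.each do |c|
    next unless c.dig('spec', 'ldap', 'insecureNoSSL') == true
    findings << "#{c.dig('metadata', 'name')}: insecureNoSSL is true, bind password crosses the network without TLS"
  end
  findings
end

puts check_ldap_redundancy(SAMPLE)
```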