Add documentation for validating keystone authentication

[Cynerva]

Originally opened here: https://bugs.launchpad.net/charm-kubernetes-master/+bug/1814843

For our k8s keystone authentication validation, we are following this guide:
https://www.ubuntu.com/kubernetes/docs/ldap

It would be useful to add a small section on how to best validate that the token generated from 'get_keystone_token' works end to end.

Right now to test, we are plugging the token into a 'kubectl get nodes --token' command and checking the output. Is using it this way a good way to validate it works end to end?

Successfully getting a token from 'get_keystone_token' doesn't really confirm that the token works with the kubernetes cluster, right?

[hyperbolic2346]

Successfully getting a token from 'get_keystone_token' doesn't really confirm that the token works with the kubernetes cluster, right?

Correct. This just talks directly to Keystone and verifies that connectivity exists between the client machine and the Keystone machine. This is essentially what the plugin is doing for the user.

Right now to test, we are plugging the token into a 'kubectl get nodes --token' command and checking the output. Is using it this way a good way to validate it works end to end?

This takes the token from Keystone and sends it to the api server. It is then routed through the webhook for verification, which talks to the Keystone server. This verifies that the webhook is working properly and able to validate tokens.