Hi Team, I was reading about cattle-impersonation-system but I am not able to clearly understand the mechanics of authentication proxy. In the link https://www.suse.com/support/kb/doc/?id=000021220 , it says below

The authentication proxy forwards all Kubernetes API calls to downstream clusters. It integrates with authentication services like local authentication, Active Directory, and GitHub.

We have Okta authentication in place. How do I actually prove that above steps happen when User bob requests to list pods. How to do i intercept that traffic. We have k3s deployed , on top of that rancher and downstream clusters as well using RKE. but what steps do I carry out to see above step happening in real time. Do I have to check something at k3s level ,,its more like where do I start looking , any step by step approach ?