Skip to content

Latest commit

 

History

History
59 lines (33 loc) · 1.71 KB

File metadata and controls

59 lines (33 loc) · 1.71 KB

Authentication

In this section, we will take a look at authentication in a kubernetes cluster

Accounts

auth1

Different users that may be accessing the cluster security of end users who access the applications deployed on the cluster is managed by the applications themselves internally.

acc1

  • So, we left with 2 types of users

    • Humans, such as the Administrators and Developers
    • Robots such as other processes/services or applications that require access to the cluster.

    acc2

  • All user access is managed by apiserver and all of the requests goes through apiserver.

    acc3

Authentication Mechanisms

  • There are different authentication mechanisms that can be configured.

    auth2

Authentication Mechanisms - Basic

auth3

kube-apiserver configuration

  • If you set up via kubeadm then update kube-apiserver.yaml manifest file with the option.

    auth4

Authenticate User

  • To authenticate using the basic credentials while accessing the API server specify the username and password in a curl command.

    $ curl -v -k http://master-node-ip:6443/api/v1/pods -u "user1:password123"
    

    auth5

  • We can have additional column in the user-details.csv file to assign users to specific groups.

    auth6

Note

note

K8s Reference Docs