k8s/StudyNotes/ k8s-certs-security
- kube-apiserver at the center
- Who can access? Authentication methods
- Static password file: CSV line password123,user1,u0001,group1, loaded with kube-apiserver --basic-auth-file=user-details.csv
  Auth with curl -v -k https://master-node-ip:6443/api/v1/pods -u "user1:password123"
- Static token file: loaded with kube-apiserver --token-auth-file=user-details.csv
  Auth with curl -v -k https://master-node-ip:6443/api/v1/pods --header "Authorization: Bearer KpjCViY"
- Cert
- SSO
- What can they do? Authorization: RBAC, ABAC, Node, Webhook
- All components authenticate to kube-apiserver over TLS.
- Who can access? Authentication methods
  k8s relies on external user administration, but it provides ServiceAccounts for integrations/bots
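
An added example, not part of the original notes, for auditing the static password and token files described above: it finds the --basic-auth-file / --token-auth-file flags in a kube-apiserver argument list and checks each CSV row for short secrets, reused secrets and membership in system:masters. The 32-character threshold, the sample arguments and the user2/user3 rows are assumptions constructed for illustration.

```python
import csv
import io

# Flags from the notes that make kube-apiserver read credentials from a CSV file.
STATIC_AUTH_FLAGS = ("--basic-auth-file", "--token-auth-file")
MIN_SECRET_LEN = 32  # assumed review threshold, not a Kubernetes setting


def static_auth_flags(args):
    """Return {flag: file path} for each static-credential flag in the args."""
    found = {}
    for i, arg in enumerate(args):
        name, sep, value = arg.partition("=")
        if name not in STATIC_AUTH_FLAGS:
            continue
        if sep:                      # --flag=path
            found[name] = value
        elif i + 1 < len(args):      # --flag path
            found[name] = args[i + 1]
    return found


def audit_credentials(csv_text):
    """Check rows of secret,user,uid[,"group1,group2"]; return (user, finding)."""
    findings, seen = [], {}
    for row in csv.reader(io.StringIO(csv_text)):
        if not row:
            continue
        if len(row) < 3:
            findings.append((None, "malformed row: need secret,user,uid"))
            continue
        secret, user = row[0], row[1]
        groups = [g.strip() for g in row[3].split(",")] if len(row) > 3 else []
        if len(secret) < MIN_SECRET_LEN:
            findings.append((user, "secret shorter than %d chars" % MIN_SECRET_LEN))
        if secret in seen:
            findings.append((user, "secret shared with " + seen[secret]))
        seen.setdefault(secret, user)
        if "system:masters" in groups:
            findings.append((user, "member of system:masters"))
    return findings


# Constructed sample input; only the first CSV row comes from the notes.
SAMPLE_ARGS = ["kube-apiserver", "--token-auth-file=user-details.csv",
               "--authorization-mode=Node,RBAC"]
SAMPLE_CSV = ('password123,user1,u0001,group1\n'
              'KpjCViY,user2,u0002,"group2,system:masters"\n'
              'password123,user3,u0003\n')
```

Feed static_auth_flags the command list from the kube-apiserver static pod manifest, then pass the contents of any file it reports to audit_credentials.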