Authentication

Accounts

1. Different users can access the cluster security, managed by self-managed applications within the cluster they access.

2. So, we have with 2 types of users:

• Humans: e.g. Admins and Developers

• Robots: like processes/services or applications that require access to the cluster.

3. The entirety of user access management is done by the apiserver. All requests go through the apiserver.

Authentication Mechanisms

There are different authentication mechanisms that are configurable.

Basic Authentication Mechanisms

Kube-apiserver Configuration

• If you setup via kubeadm, update the kube-apiserver.yaml template file with the option(s).

Authenticate User with API

• To authenticate with basic credentials when accessing the API server, specify the username and password in a curl command.

$ curl -v -k http://master-node-ip:6443/api/v1/pods -u "user1:password123"

We can add more columns in the user-details.csv file to assign users to specific groups.

References

• https://kubernetes.io/docs/reference/access-authn-authz/authentication/