Kubernetes: Up and Running by Brendan Burns Joe Beda Kelsey Hightower and Lachlan Evenson

Author:Brendan Burns, Joe Beda, Kelsey Hightower, and Lachlan Evenson
Language: eng
Format: epub, pdf
Publisher: O'Reilly Media, Inc.
Published: 2022-08-02T00:00:00+00:00

Role-Based Access Control

To properly manage access in Kubernetes, it’s critical to understand how identity, roles, and role bindings interact to control who can do what with which resources. At first, RBAC can seem like a challenge to understand, with a series of interconnected, abstract concepts; but once it’s understood, you can be confident in your ability to manage cluster access.

Identity in Kubernetes

Every request to Kubernetes is associated with some identity. Even a request with no identity is associated with the system:unauthenticated group. Kubernetes makes a distinction between user identities and service account identities. Service accounts are created and managed by Kubernetes itself and are generally associated with components running inside the cluster. User accounts are all other accounts associated with actual users of the cluster, and often include automation like continuous delivery services that run outside the cluster.

Kubernetes uses a generic interface for authentication providers. Each of the providers supplies a username and, optionally, the set of groups to which the user belongs. Kubernetes supports a number of authentication providers, including:

HTTP Basic Authentication (largely deprecated)

Download

Copyright Disclaimer:
This site does not store any files on its server. We only index and link to content provided by other sites. Please contact the content providers to delete copyright contents if any and email us, we'll remove relevant links or contents immediately.