Monday, September 2, 2024

Kubernetes - Role based access control [Part 11]


Every request to Kubernetes is first authenticated. Authentication establishes the identity of the caller issuing the request, and it can integrate with pluggable authentication providers such as Azure Active Directory to establish that identity in a third-party system.

Once a user has been authenticated, the authorization phase determines whether they are allowed to perform the request. Authorization combines three things: the identity of the user, the resource being accessed, and the verb (the action) the user is trying to perform on it.

Kubernetes makes a distinction between user identities and service account identities. A service account identity is managed by Kubernetes inside the cluster, whereas a user identity is a normal user who accesses resources from outside the cluster.

Kubernetes supports a number of different authentication providers, such as:

* HTTP-based authentication providers
* A static token file on the host
* Cloud authentication providers such as AWS Identity and Access Management and Azure Active Directory
* Authentication webhooks

In Kubernetes there are two pairs of role and role binding objects:

  • The first pair (Role and RoleBinding) is applied at the namespace level
  • The second pair (ClusterRole and ClusterRoleBinding) is applied at the cluster level
The YAML configuration file for the namespace-level Role:

kind: Role                                   # namespace-scoped role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  namespace: default                         # the namespace this Role lives in
  name: pod-and-services
rules:
- apiGroups: [""]                            # "" is the core API group (pods, services)
  resources: ["pods", "services"]
  verbs: ["create", "delete", "get", "list", "patch", "update", "watch"]
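To make the authorization check concrete, here is an added example that is not from the original post: a small Python evaluator that applies the Role above together with a hypothetical RoleBinding (assumed name pod-and-services-binding, assumed subjects: user alice and the default ServiceAccount of the default namespace) and answers the same kind of question `kubectl auth can-i` would, deny-by-default. It is a teaching model of the namespace-level pair only, not the real API server logic.

```python
# Added example (not from the post): a miniature evaluator for the namespace-level
# Role/RoleBinding pair. Manifests are constructed Python dicts; no cluster needed.
ROLE = {
    "kind": "Role",
    "metadata": {"namespace": "default", "name": "pod-and-services"},
    "rules": [{"apiGroups": [""], "resources": ["pods", "services"],
               "verbs": ["create", "delete", "get", "list", "patch", "update", "watch"]}],
}
# Hypothetical RoleBinding granting that Role to user "alice" and to the
# "default" ServiceAccount of the "default" namespace.
ROLE_BINDING = {
    "kind": "RoleBinding",
    "metadata": {"namespace": "default", "name": "pod-and-services-binding"},
    "subjects": [{"kind": "User", "name": "alice"},
                 {"kind": "ServiceAccount", "name": "default", "namespace": "default"}],
    "roleRef": {"kind": "Role", "name": "pod-and-services"},
}

def _rule_allows(rule, api_group, resource, verb):
    # A rule grants the request only if API group, resource AND verb all match.
    return all("*" in allowed or wanted in allowed for allowed, wanted in
               ((rule["apiGroups"], api_group), (rule["resources"], resource),
                (rule["verbs"], verb)))

def _subject_matches(subject, identity):
    if subject["kind"] == "Group":
        return subject["name"] in identity.get("groups", [])
    if subject["kind"] != identity["kind"] or subject["name"] != identity["name"]:
        return False
    # ServiceAccounts are namespaced, so the namespace has to match as well.
    return subject["kind"] != "ServiceAccount" or subject.get("namespace") == identity.get("namespace")

def can_i(identity, verb, resource, namespace, roles, bindings, api_group=""):
    """True if a RoleBinding in `namespace` grants `identity` `verb` on `resource`."""
    roles_by_key = {(r["metadata"]["namespace"], r["metadata"]["name"]): r for r in roles}
    for binding in bindings:
        if binding["metadata"]["namespace"] != namespace:
            continue  # a RoleBinding only grants access inside its own namespace
        if not any(_subject_matches(s, identity) for s in binding["subjects"]):
            continue  # the caller is not one of this binding's subjects
        role = roles_by_key.get((namespace, binding["roleRef"]["name"]))
        if role and any(_rule_allows(r, api_group, resource, verb) for r in role["rules"]):
            return True
    return False  # RBAC is deny-by-default: no matching rule means no access
```

Note that the same identity is denied in any other namespace and for any resource or verb the Role does not list, which is exactly why a namespaced Role is the safer default over a ClusterRole.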


