Difference between revisions of "Kubernetes Authentication"
Jump to navigation
Jump to search
↑ https://kubernetes.io/docs/reference/access-authn-authz/authentication/#users-in-kubernetes
Line 2: | Line 2: | ||
* [[Service accounts]] | * [[Service accounts]] | ||
− | * [[Users]] | + | * [[Users]] even though a normal user cannot be added via an API call, any user that presents a valid [[certificate]] signed by the cluster's [[certificate authority]] (CA) is considered authenticated.<ref>https://kubernetes.io/docs/reference/access-authn-authz/authentication/#users-in-kubernetes</ref> |
Revision as of 16:03, 25 August 2022
https://kubernetes.io/docs/reference/access-authn-authz/authentication/
- Service accounts
- Users even though a normal user cannot be added via an API call, any user that presents a valid certificate signed by the cluster's certificate authority (CA) is considered authenticated.[1]
Authorization: Bearer 31ada4fd-adec-460c-809a-9e56ceb75269
- A user store like Keystone or Google Accounts
Related
See also
kubectl config
[view | get-contexts | current-context | get-clusters | set-context | set-credentials ], ~/.kube/config, kubectl config --help
,kubectx
, Kubernetes contexts,KUBECONFIG, kubectl --kubeconfig
- Kubernetes service account, ServiceAccount:,
kubectl get serviceaccounts, kubectl create serviceaccount, kubectl describe serviceaccount
,kubernetes.io/service-account-token
, Kubernetes users, Kubernetes groups, Kubernetes roles,ServiceAccountTokenNodeBinding
- Kubernetes Authentication,
kubectl create serviceaccount, kubectl get serviceaccounts, CertificateSigningRequest, aws-auth
, bearer tokens, EKS Authentication
Advertising: