Difference between revisions of "Kubernetes Authentication"

From wikieduonline
Jump to navigation Jump to search
 
(7 intermediate revisions by the same user not shown)
Line 1: Line 1:
 
https://kubernetes.io/docs/reference/access-authn-authz/authentication/
 
https://kubernetes.io/docs/reference/access-authn-authz/authentication/
  
* [[Service accounts]]
+
== Accounts ==
 +
* [[Service accounts]] are users managed by the Kubernetes API. They are bound to specific [[namespaces]], and created automatically by the API server or manually through API calls. Service accounts are tied to a set of credentials stored as [[Secrets]], which are mounted into pods allowing in-cluster processes to talk to the Kubernetes API.
 
* [[Users]]: "normal" user accounts cannot be added via an API call, any user that presents a valid [[certificate]] signed by the cluster's [[certificate authority]] (CA) is considered authenticated.<ref>https://kubernetes.io/docs/reference/access-authn-authz/authentication/#users-in-kubernetes</ref>. Kubernetes determines the username from the common name field in the <code>'subject'</code> of the cert (e.g., <code>"/CN=your-user"</code>).
 
* [[Users]]: "normal" user accounts cannot be added via an API call, any user that presents a valid [[certificate]] signed by the cluster's [[certificate authority]] (CA) is considered authenticated.<ref>https://kubernetes.io/docs/reference/access-authn-authz/authentication/#users-in-kubernetes</ref>. Kubernetes determines the username from the common name field in the <code>'subject'</code> of the cert (e.g., <code>"/CN=your-user"</code>).
 +
 +
== Authentication options ==
 +
* Certificates
 +
* [[Bearer tokens]]
 +
* [[Authenticating proxy]]
  
  
Line 11: Line 17:
 
* <code>[[kubectl config set-credentials]]</code>
 
* <code>[[kubectl config set-credentials]]</code>
  
 +
== Activities ==
 +
* [[Access Kubernetes REST API using default token]]
  
 
== Related ==
 
== Related ==
 
* <code>[[kubectl create serviceaccount]]</code>
 
* <code>[[kubectl create serviceaccount]]</code>
* <code>[[kubectl edit configmap aws-auth]]</code>
+
* [[aws-auth]]: <code>[[kubectl edit configmap aws-auth]]</code>
 
* <code>[[gke-gcloud-auth-plugin]]</code>
 
* <code>[[gke-gcloud-auth-plugin]]</code>
 
* <code>[[kind: CertificateSigningRequest]]</code>
 
* <code>[[kind: CertificateSigningRequest]]</code>
 +
* [[Kubernetes Authorization]]
 +
* [[EKS Authentication]]
 +
* [[kubectl create token]]
  
 
== See also ==
 
== See also ==
* {{kubectl config}}
 
* {{Kubernetes service account}}
 
 
* {{Kubernetes Authentication}}
 
* {{Kubernetes Authentication}}
  
 
[[Category:K8s]]
 
[[Category:K8s]]

Latest revision as of 16:58, 31 October 2023

https://kubernetes.io/docs/reference/access-authn-authz/authentication/

Accounts[edit]

  • Service accounts are users managed by the Kubernetes API. They are bound to specific namespaces, and created automatically by the API server or manually through API calls. Service accounts are tied to a set of credentials stored as Secrets, which are mounted into pods allowing in-cluster processes to talk to the Kubernetes API.
  • Users: "normal" user accounts cannot be added via an API call, any user that presents a valid certificate signed by the cluster's certificate authority (CA) is considered authenticated.[1]. Kubernetes determines the username from the common name field in the 'subject' of the cert (e.g., "/CN=your-user").

Authentication options[edit]


Authorization: Bearer 31ada4fd-adec-460c-809a-9e56ceb75269

Activities[edit]

Related[edit]

See also[edit]

  • https://kubernetes.io/docs/reference/access-authn-authz/authentication/#users-in-kubernetes
    • Retrieved from "https://www.wikieduonline.com/index.php?title=Kubernetes_Authentication&oldid=272824"

    Advertising: