One of the main authentication mechanisms in K8S is client certificates: CA, certificate, key.
There is no "user" concept in K8S. Instead, it uses the client's private key to identify the "user".
The workflow is like this:
- Users (clients) have their private keys. These keys represent their unique IDs in K8S.
- Go through the CSR approval process with these keys. We can add a CN such as "John" to the CSR to get a readable "user" ID.
- Once the CSR is approved, we get a signed certificate for the private key, representing the user "John".
- Then we can authenticate in K8S via CA, certificate, key.