Understanding Authentication & Authorization in kubernetes

Authentication – How should a user's access be allowed? The process or action of verifying the identity of a user or process.
Authorization – What a user can access, and to what extent.

Official ref for Authentication

  • https://kubernetes.io/docs/reference/access-authn-authz/authentication/

Methods of Authentication in Kubernetes

  • Certificate
  • Token
  • OpenID
  • Web Hook

How Certificate Based Auth Works in kubernetes?

  • User (or administrator on behalf of user) creates a private key.
  • User/administrator generates a certificate signing request (CSR).
  • Administrator approves the request and signs it with their CA.
  • Administrator provides the resulting certificate back to the user.

How Token Based Auth Works in kubernetes?

How to create user in kubernetes?


# USER runs these commands on the workstation
# Create a private key
$ openssl genrsa -out employee.key 2048

# Create the CSR file (CN is the user name, O is the group)
$ openssl req -new -key employee.key -out employee.csr -subj "/CN=employee/O=bitnami"

# How to send the CSR file to the CA (master admin or K8s admin):
# - manually, e.g. by email
# - through the CSR API

# ADMIN runs this command on the workstation to sign the CSR with the cluster CA
$ openssl x509 -req -in employee.csr -CA /etc/kubernetes/pki/ca.crt -CAkey /etc/kubernetes/pki/ca.key -CAcreateserial -out employee.crt -days 500

# Admin sends employee.crt back to the USER:
# - manually, e.g. by email
# - through the CSR API (the user can download it themselves)

# USER sets employee.key and employee.crt in the kubeconfig file.

$ kubectl config set-credentials employee --client-certificate=/root/employee.crt  --client-key=/root/employee.key

$ kubectl config view

$ kubectl config set-context employee-context --cluster=kubernetes --namespace=office --user=employee

$ kubectl config view

# Run with the admin context: employee has no rights to create a namespace
$ kubectl create namespace office

$ kubectl --context=employee-context get pods

[root@rajesh ~]# kubectl --context=employee-context get pods
Error from server (Forbidden): pods is forbidden: User "employee" cannot list resource "pods" in API group "" in the namespace "office"
# So far only authentication has been enabled for employee. The user has no permissions in the cluster yet.
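
The API server takes the user name from the certificate's CN and the group memberships from its O attributes, so the admin should inspect a signed certificate before handing it over. The script below is an added example, not part of the original post: it rebuilds the employee certificate against a throwaway CA (constructed in a temp directory, standing in for /etc/kubernetes/pki/ca.crt) and checks identity, issuer and lifetime. The function names are illustrative.

```bash
# Added example. The CA and certificate are throwaway files constructed in a
# temp dir; the function names are illustrative, not part of openssl/kubectl.
set -eu

# Subject in RFC 2253 form ("O=bitnami,CN=employee"), one attribute per line.
# Simplification: assumes no escaped commas inside attribute values.
subject_rdns() {
  openssl x509 -in "$1" -noout -subject -nameopt RFC2253 |
    sed 's/^subject= *//' | tr ',' '\n'
}

# User name as the API server will see it: the CN attribute.
k8s_user() { subject_rdns "$1" | sed -n 's/^CN=//p' | head -n 1; }

# Groups as the API server will see them: every O attribute, comma-joined.
k8s_groups() { subject_rdns "$1" | sed -n 's/^O=//p' | paste -sd, -; }

# True if certificate $1 chains to CA certificate $2.
signed_by() { openssl verify -CAfile "$2" "$1" >/dev/null 2>&1; }

# True if certificate $1 is still valid $2 days from now.
valid_in_days() {
  openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null
}

# Constructed sample: demo CA, then the page's key, CSR and signing commands.
DEMO=$(mktemp -d)
openssl req -x509 -newkey rsa:2048 -nodes -keyout "$DEMO/ca.key" \
  -out "$DEMO/ca.crt" -subj "/CN=demo-ca" -days 1000 2>/dev/null
openssl genrsa -out "$DEMO/employee.key" 2048 2>/dev/null
openssl req -new -key "$DEMO/employee.key" -out "$DEMO/employee.csr" \
  -subj "/CN=employee/O=bitnami"
openssl x509 -req -in "$DEMO/employee.csr" -CA "$DEMO/ca.crt" \
  -CAkey "$DEMO/ca.key" -CAcreateserial -out "$DEMO/employee.crt" \
  -days 500 2>/dev/null

echo "user:   $(k8s_user "$DEMO/employee.crt")"
echo "groups: $(k8s_groups "$DEMO/employee.crt")"
signed_by "$DEMO/employee.crt" "$DEMO/ca.crt" && echo "chains to the CA"
valid_in_days "$DEMO/employee.crt" 499 && echo "valid for 499+ more days"
```

Kubernetes has no revocation mechanism for client certificates, so the `-days` value is the upper bound on how long a leaked employee.key keeps authenticating.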

What are the Methods of Authorization in kubernetes?

  • Node
  • ABAC
  • RBAC [ FOCUS ]
  • Webhook

Official ref for Authorization

  • https://kubernetes.io/docs/reference/access-authn-authz/authorization/

How to authorize a user in a Kubernetes cluster?

WHOM – USER or GROUP
WHAT – verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] # You can also use ["*"]
WHERE – API Resources or API Group (list them with $ kubectl api-resources)
How???

  • Node
  • ABAC
  • RBAC [ FOCUS ]
  • Webhook

How RBAC works in kubernetes?
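
The WHOM / WHAT / WHERE questions above map directly onto an RBAC Role and RoleBinding. The function below is an added example, not part of the original post: it prints a least-privilege manifest that resolves the Forbidden error for user employee in namespace office. The Role and RoleBinding names and the name check are assumptions made for illustration.

```bash
# Added example. "employee" and "office" are the page's values; the object
# names (pod-reader, <user>-pod-reader) and the name check are illustrative.
rbac_manifest() {   # usage: rbac_manifest USER NAMESPACE
  # Refuse values that could break out of the YAML scalars below
  # (simplification: stricter than what Kubernetes allows for user names).
  for v in "$1" "$2"; do
    case "$v" in
      ''|*[!a-z0-9-]*) echo "refusing unsafe name: $v" >&2; return 1 ;;
    esac
  done
  cat <<EOF
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: pod-reader
  namespace: $2                     # WHERE: one namespace only
rules:
- apiGroups: [""]                   # WHERE: "" is the core API group
  resources: ["pods"]
  verbs: ["get", "list", "watch"]   # WHAT: read-only, no wildcard
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: $1-pod-reader
  namespace: $2
subjects:
- kind: User                        # WHOM: must equal the certificate CN
  name: $1
  apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: Role
  name: pod-reader
  apiGroup: rbac.authorization.k8s.io
EOF
}

# Admin side (needs a cluster, so it is not run here):
#   rbac_manifest employee office | kubectl apply -f -
#   kubectl auth can-i list pods   --as employee -n office   # expect: yes
#   kubectl auth can-i delete pods --as employee -n office   # expect: no
rbac_manifest employee office
```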

I’m a DevOps/SRE/DevSecOps/Cloud Expert passionate about sharing knowledge and experiences. I have worked at Cotocus. I share tech blog at DevOps School, travel stories at Holiday Landmark, stock market tips at Stocks Mantra, health and fitness guidance at My Medic Plus, product reviews at TrueReviewNow, and SEO strategies at Wizbrand. Rajesh Kumar Personal Website: https://www.rajeshkumar.xyz/