Understanding Authentication & Authorization in Kubernetes

Authentication – How should a user's access be allowed? The process or action of verifying the identity of a user or process.
Authorization – What a user is allowed to access, and to what extent.

Official ref for Authentication

  • https://kubernetes.io/docs/reference/access-authn-authz/authentication/

Methods of Authentication in Kubernetes

  • Certificate
  • Token
  • OpenID
  • Web Hook

How Does Certificate-Based Auth Work in Kubernetes?

  • User (or administrator on behalf of user) creates a private key.
  • User/administrator generates a certificate signing request (CSR).
  • Administrator approves the request and signs it with their CA.
  • Administrator provides the resulting certificate back to the user.

How Does Token-Based Auth Work in Kubernetes?

How to Create a User in Kubernetes?


# USER runs these commands on their workstation
# Create a private key
$ openssl genrsa -out employee.key 2048

# Create CSR file
$ openssl req -new -key employee.key -out employee.csr -subj "/CN=employee/O=bitnami"

# How to send the CSR file to the CA (master admin or K8s admin)
- Manually, e.g. by email
- Via the CSR API

# ADMIN runs this command on their workstation
$ openssl x509 -req -in employee.csr -CA /etc/kubernetes/pki/ca.crt -CAkey /etc/kubernetes/pki/ca.key -CAcreateserial -out employee.crt -days 500

# ADMIN sends employee.crt to the USER.
- Manually, e.g. by email
- Via the CSR API (the user can download it themselves)

# USER sets employee.key and employee.crt in the kubeconfig file.

$ kubectl config set-credentials employee --client-certificate=/root/employee.crt  --client-key=/root/employee.key

$ kubectl config view

$ kubectl config set-context employee-context --cluster=kubernetes --namespace=office --user=employee

$ kubectl config view

$ kubectl create namespace office

$ kubectl --context=employee-context get pods

[root@rajesh ~]# kubectl --context=employee-context get pods
Error from server (Forbidden): pods is forbidden: User "employee" cannot list resource "pods" in API group "" in the namespace "office"
# We have only enabled authentication for employee. The user has no permissions in the cluster yet.

What Are the Methods of Authorization in Kubernetes?

  • Node
  • ABAC
  • RBAC [ FOCUS ]
  • Webhook

Official ref for Authorization

  • https://kubernetes.io/docs/reference/access-authn-authz/authorization/

How to Authorize a User in a Kubernetes Cluster?

WHOM – USER or GROUP
WHAT – verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] # You can also use ["*"]
WHERE – API resources or API groups (list them with: $ kubectl api-resources)
How???

  • Node
  • ABAC
  • RBAC [ FOCUS ]
  • Webhook

How Does RBAC Work in Kubernetes?
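
The WHOM / WHAT / WHERE questions above, expressed as an RBAC Role and RoleBinding for the employee user in the office namespace. This is an added example, not part of the original page; the object names pod-reader and employee-pod-reader are assumptions chosen for illustration.

```yaml
# Added example: least-privilege, read-only access to pods for the
# certificate user "employee" in the "office" namespace.
# The names pod-reader and employee-pod-reader are hypothetical.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: pod-reader
  namespace: office              # a Role is scoped to one namespace
rules:
  - apiGroups: [""]              # WHERE: "" is the core API group (pods live here)
    resources: ["pods"]
    verbs: ["get", "list", "watch"]   # WHAT: read-only, no "*" wildcard
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: employee-pod-reader
  namespace: office
subjects:
  - kind: User                   # WHOM: must match the certificate's CN (CN=employee)
    name: employee
    apiGroup: rbac.authorization.k8s.io
  # To grant by group instead, bind the certificate's O field (O=bitnami):
  # - kind: Group
  #   name: bitnami
  #   apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: Role
  name: pod-reader
  apiGroup: rbac.authorization.k8s.io
# Apply as the cluster admin, then check the result:
#   kubectl apply -f employee-rbac.yaml      (file name is an assumption)
#   kubectl --context=employee-context get pods
#   kubectl auth can-i list pods --namespace office --as employee
#   kubectl auth can-i delete pods --namespace office --as employee
```

After this is applied, the Forbidden error shown earlier for `get pods` in the office namespace no longer occurs, while write verbs such as delete remain denied.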
