To authenticate to the Kubernetes cluster through the API-server, Kubernetes supports some basic authentication methods.
We have users such as administrators and developers, as well as service accounts, that is, services or applications that need to access the Kubernetes cluster. For user accounts, Kubernetes usually relies on external services to authenticate them: certificates, LDAP, ...
User access is handled by the API-server, which authenticates the requests.
We could use a regular password file, in which each entry consists of the following elements: password, user, id, group.
The file is passed as a parameter to the API-server:
If we are running the API-server as a service, we use the below parameters in the service file:
If our API-server is deployed as a pod, we use the same parameter in the pod's YAML file, which lives at "/etc/kubernetes/manifests/kube-apiserver.yaml".
If we are using tokens instead of passwords, we do the same, but the token file has the following format: token, user, user_id, group.
We pass the below parameter to the API-server service or pod:
These authentication files for tokens and passwords are passed to the pod as mounted volumes.
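
Because the token file described above holds long-lived credentials in plain text, it is worth auditing before it is mounted into the API-server pod. The following is an added example, not code from the original page or from the Kubernetes project: it parses the token, user, user_id, group format and flags malformed rows, short tokens, reused tokens and membership in `system:masters`. The sample rows, the finding names and the 32-character minimum are assumptions made for illustration.

```python
import csv
import io

MIN_TOKEN_LEN = 32  # assumption: local policy threshold, not a Kubernetes rule
PRIVILEGED_GROUPS = {"system:masters"}  # group with unrestricted cluster access

# Constructed sample in the format: token,user,user_id,"group1,group2"
SAMPLE = '''\
Kp3vT9xQ2mWz8LrY4nHc6BdU1sFaG7jE,alice,1001,"dev,qa"
changeme,bob,1002,dev
Kp3vT9xQ2mWz8LrY4nHc6BdU1sFaG7jE,carol,1003
Zt5uN8cR1yPq7WmX3kLd9VhB2gSfJ4aE,dave,1004,"system:masters"
onlytoken,erin
'''

def audit_token_file(text):
    """Return (line_number, finding) pairs; token values are never echoed."""
    findings = []
    seen = set()
    reader = csv.reader(io.StringIO(text))
    for row in reader:
        line = reader.line_num
        if not row:
            continue
        if len(row) < 3:
            findings.append((line, "too-few-columns"))
            continue
        token, user, uid = (col.strip() for col in row[:3])
        # The optional fourth column holds a comma-separated group list.
        groups = {g.strip() for g in row[3].split(",")} if len(row) > 3 else set()
        if not (token and user and uid):
            findings.append((line, "empty-field"))
            continue
        if len(token) < MIN_TOKEN_LEN:
            findings.append((line, "short-token"))
        if token in seen:
            findings.append((line, "duplicate-token"))
        seen.add(token)
        if groups & PRIVILEGED_GROUPS:
            findings.append((line, "privileged-group"))
    return findings

if __name__ == "__main__":
    for line, finding in audit_token_file(SAMPLE):
        print(f"line {line}: {finding}")
```

Tokens in a static file do not expire, and the API-server reads the file only at startup, so a row flagged here stays valid until the file is changed and the API-server is restarted.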