Kubernetes 101: Basic authentication methods - Password file, Bearer token file
Users such as administrators and developers, as well as service accounts (services or applications), need to access the Kubernetes cluster.
For user accounts, Kubernetes usually relies on external services to authenticate them: certificates, LDAP, and so on.
User access is handled by the API-server, which authenticates the requests.
We could use a regular password file in which each entry consists of the following elements: password, user, id, group.
The file is passed as a parameter to the API-server:
--basic-auth-file=user-password-file
If the API-server runs as a service, we use the below parameters in the service file:
If the API-server is deployed as a pod, we use the same parameter in the pod's YAML file, which lives at "/etc/kubernetes/manifests/kube-apiserver.yaml".
For a bearer token file, we pass the below parameter to the API-server service or pod:
--token-auth-file=auth-file
These authentication files for tokens and passwords are passed to the pod as mounted volumes.
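Because these files hold long-lived credentials in plain text, it is worth checking a cluster for them. The following is an added example, not code from the original post: it looks for the two flags above in a kube-apiserver manifest or service file and audits a credential file for malformed rows, short or reused secrets, and membership in the system:masters group. It assumes the comma-separated layout secret,user,uid with an optional quoted group list; the sample manifest, file path, users, function names and the 32-character threshold are constructed for illustration.

```python
import csv
import io
import re

# Flags named on this page that point the API server at a static credential file.
STATIC_AUTH_FLAGS = ("--basic-auth-file", "--token-auth-file")

# Constructed sample input (not from a real cluster).
SAMPLE_MANIFEST = """\
  - command:
    - kube-apiserver
    - --token-auth-file=/etc/kubernetes/auth/tokens.csv
"""
SAMPLE_TOKENS = '''\
3f9c1e7a5b2d4c6e8f0a1b3c5d7e9f0a,alice,u1001,"dev,qa"
password123,bob,u1002,"system:masters"
password123,carol,u1003
onlytwo,fields
'''

def find_static_auth_flags(manifest_text):
    """Return {flag: path} for each static-auth flag present in the text."""
    found = {}
    for flag in STATIC_AUTH_FLAGS:
        m = re.search(r"(?<![\w-])" + re.escape(flag) + r"[= ]([^\s\"']+)", manifest_text)
        if m:
            found[flag] = m.group(1)
    return found

def audit_credential_file(text, min_secret_len=32):
    """Return (line, finding) tuples; findings name the user, never the secret."""
    findings, seen = [], set()
    for n, row in enumerate(csv.reader(io.StringIO(text)), start=1):
        if 0 < len(row) < 3:
            findings.append((n, "malformed: need secret,user,uid"))
        if len(row) < 3:  # blank or malformed line, nothing more to check
            continue
        secret, user = row[0].strip(), row[1].strip()
        groups = [g.strip() for g in row[3].split(",")] if len(row) > 3 else []
        if len(secret) < min_secret_len:  # threshold is an assumption
            findings.append((n, f"short secret for user {user}"))
        if secret in seen:
            findings.append((n, f"secret reused by user {user}"))
        seen.add(secret)
        if "system:masters" in groups:
            findings.append((n, f"user {user} is in system:masters"))
    return findings
```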