This is the last part of a tutorial series on Kubernetes access control. Having explored the key concepts related to authentication and authorization, we will take a closer look at service accounts.

Kubernetes has the notion of users and service accounts to access resources. A user is associated with a key and certificate to authenticate API requests. Any request originating outside the cluster is authenticated using one of the configured schemes. The most common technique to authenticate requests is through X.509 certificates. Refer to the tutorial on Kubernetes authentication for details on creating and associating certificates with users.

It’s important to recall that Kubernetes doesn’t maintain a database or profiles of users and passwords. Instead, it expects them to be managed outside of the cluster. Through the concept of authentication modules, Kubernetes can delegate authentication to a third party such as OpenID or Active Directory.

Read the entire article at The New Stack

Janakiram MSV is an analyst, advisor, and architect. Follow him on Twitter, Facebook and LinkedIn.