Introduction to AuthX
Get introduced to authentication and authorization in Kubernetes.
The security center of Kubernetes
The kube-apiserver is the heart of a Kubernetes cluster. It handles all system-level authentication (AuthN) and authorization (AuthZ); AuthX usually refers to both. In that sense, the kube-apiserver is the security center of Kubernetes.
We could run the kube-apiserver with insecure settings, but this isn't recommended, especially in production environments. Enabling transport layer security (TLS) between all the Kubernetes components is strongly recommended, because it improves the security of the whole cluster.
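To make the TLS recommendation above checkable, here is an added example (not part of the original lesson) that audits a kube-apiserver command line for insecure settings. The flag names are real kube-apiserver options; the two argument lists, the file paths in them, and the function names are constructed for illustration.

```python
# Added example: flag names are real kube-apiserver options; WEAK and HARDENED are constructed.
TLS_FLAGS = {
    "--tls-cert-file": "serving certificate (a self-signed one is generated if unset)",
    "--tls-private-key-file": "serving private key",
    "--client-ca-file": "CA that verifies client certificates",
    "--etcd-cafile": "CA that verifies etcd's certificate",
    "--etcd-certfile": "client certificate presented to etcd",
    "--etcd-keyfile": "client key presented to etcd",
    "--kubelet-client-certificate": "client certificate presented to kubelets",
    "--kubelet-client-key": "client key presented to kubelets",
}

def parse_flags(argv):
    """Turn ['--name=value', ...] into {'--name': 'value'}; bare flags map to ''."""
    flags = {}
    for arg in argv:
        if arg.startswith("--"):
            name, _, value = arg.partition("=")
            flags[name] = value
    return flags

def audit(argv):
    """Return a list of findings; an empty list means nothing was flagged."""
    flags = parse_flags(argv)
    findings = [f"{n} not set: {why}" for n, why in TLS_FLAGS.items() if not flags.get(n)]
    # The flag exists only on releases before v1.24; non-zero opens a plaintext port.
    if flags.get("--insecure-port", "0") != "0":
        findings.append("--insecure-port is non-zero: plaintext port enabled")
    # AlwaysAllow is the default when --authorization-mode is omitted.
    if "AlwaysAllow" in flags.get("--authorization-mode", "AlwaysAllow").split(","):
        findings.append("--authorization-mode includes AlwaysAllow")
    for server in filter(None, flags.get("--etcd-servers", "").split(",")):
        if not server.startswith("https://"):
            findings.append(f"--etcd-servers entry {server} is not https")
    return findings

WEAK = ["kube-apiserver", "--insecure-port=8080",
        "--authorization-mode=AlwaysAllow", "--etcd-servers=http://127.0.0.1:2379"]
PKI = "/etc/kubernetes/pki"  # constructed path
HARDENED = ["kube-apiserver", "--authorization-mode=Node,RBAC",
            "--etcd-servers=https://127.0.0.1:2379",
            *[f"{flag}={PKI}/{flag.strip('-')}.pem" for flag in TLS_FLAGS]]

if __name__ == "__main__":
    for label, argv in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit(argv) or "no findings")
```
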
As the diagram below shows, every request sent to the kube-apiserver must pass through the authentication, authorization, and admission control stages before it reaches the final resource validation and persistent storage stages.
Authentication
In Kubernetes, the kube-apiserver needs to authenticate every request it receives to validate the user identity. A request may be sent by either a user or a program. We can think of it as a login process.
The simplest authentication method is using ...