The security center of Kubernetes

The kube-apiserver is the heart of a Kubernetes cluster. All the system-level authentications (AuthN) and authorizations (AuthZ) are handled by it. AuthX usually refers to both AuthN and AuthZ. We can also say that the kube-apiserver is the security center of Kubernetes.

We could run the kube-apiserver with insecure settings, but that isn’t suggested, especially in production environments. It’s strongly suggested to enable transport layer security (TLS) between all the Kubernetes components. This helps improve the whole cluster’s security.

Just as the graph below shows, all the requests that are being sent to the kube-apiserver need to pass through the authentication, authorization, and admission control stages, and then come to the final resource validation and persistent storing stages.

Before Getting Started

Kubernetes Architecture

Customizing AuthX

Dynamic Admission Control

Customizing Schedulers

Extending APIs with CustomResourceDefinition (CRD)

Extending APIs with Aggregated APIServer

Container Network Interface

Container Runtime Interface

Extend kubectl

How to Write Good Kubernetes Operators

Assessment of Programming with Kubernetes

Wrap Up

Introduction to AuthX

The security center of Kubernetes

Authentication