Kubernetes User Operations: Difference between revisions

From NovaOrdis Knowledge Base
=External=
* https://kubernetes.io/docs/reference/access-authn-authz/certificate-signing-requests
=Internal=
* [[Kubernetes_Security_Operations#User_Operations|Kubernetes Security Operations]]
* [[Kubernetes_Security_Concepts|Kubernetes Security Concepts]]
=Create a Normal User=
<font color=darkgray>Incomplete. How to create user identity on the server?</font>
<syntaxhighlight lang='text'>
kubectl config set-credentials alice --username=alice --password=somepassword
</syntaxhighlight>
This command adds the user to [[.kube_config|.kube/config]], and [[kubectl]] will use basic HTTP authentication for this user. It only writes client-side credentials; it does not create the identity on the server.
=<span id='Add_a_Normal_User_via_a_Certificate'></span>Add a User via a Certificate=
A [[Kubernetes_Security_Concepts#User|user]] can authenticate against the Kubernetes cluster by being issued a certificate by the cluster and then presenting that certificate with the API call as the Certificate Header, or through [[kubectl]].
<font color=darkgray>TODO: https://kubernetes.io/docs/reference/access-authn-authz/certificate-signing-requests/#normal-user</font>
<font color=darkgray>TODO: https://kubernetes.io/docs/reference/access-authn-authz/authentication/#x509-client-certs</font>
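The certificate issuance described above, written out as an added example that is not part of the original page; it follows the CertificateSigningRequest procedure for normal users referenced in the TODO links. The function names, the user <code>alice</code> and the group <code>dev</code> are assumptions made for illustration.

```bash
# Added example: issue a client certificate for a normal user through the
# CertificateSigningRequest API. "alice" and "dev" are constructed names.

# The API server takes the username from the subject CN and the groups from
# each O, so reserved "system:" names (and empty or "/" names) are refused.
make_user_csr() {            # usage: make_user_csr <user> <group> <outdir>
  local user=$1 group=$2 dir=$3 n
  for n in "$user" "$group"; do
    case "$n" in system:*|*/*|"") echo "refusing name '$n'" >&2; return 1 ;; esac
  done
  ( umask 077 && openssl genrsa -out "$dir/$user.key" 2048 2>/dev/null ) &&
    openssl req -new -key "$dir/$user.key" -subj "/CN=$user/O=$group" -out "$dir/$user.csr"
}

# Kubernetes cannot revoke a client certificate, so request a short lifetime.
render_csr_manifest() {      # usage: render_csr_manifest <name> <csr-file> [ttl-seconds]
  local name=$1 csr=$2 ttl=${3:-86400}
  cat <<EOF
apiVersion: certificates.k8s.io/v1
kind: CertificateSigningRequest
metadata:
  name: $name
spec:
  request: $(base64 < "$csr" | tr -d '\n')
  signerName: kubernetes.io/kube-apiserver-client
  expirationSeconds: $ttl
  usages:
  - client auth
EOF
}

# Full flow; needs a kubectl context allowed to create and approve CSRs.
issue_user_cert() {          # usage: issue_user_cert <user> <group> <outdir>
  local user=$1 group=$2 dir=$3 cert="" i
  make_user_csr "$user" "$group" "$dir" || return 1
  render_csr_manifest "$user" "$dir/$user.csr" | kubectl apply -f - || return 1
  kubectl certificate approve "$user" || return 1
  for i in 1 2 3 4 5; do     # signing is asynchronous; poll briefly
    cert=$(kubectl get csr "$user" -o jsonpath='{.status.certificate}')
    [ -n "$cert" ] && break
    sleep 1
  done
  [ -n "$cert" ] || return 1
  printf '%s' "$cert" | base64 -d > "$dir/$user.crt"
  kubectl config set-credentials "$user" --embed-certs=true \
    --client-key="$dir/$user.key" --client-certificate="$dir/$user.crt"
}
```

The issued certificate only authenticates the user. Until a Role or ClusterRole is bound to the user or group, RBAC authorization rejects the user's requests.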
=Add a User with Bearer Tokens=
==Static Token File==
<font color=darkgray>TODO: https://kubernetes.io/docs/reference/access-authn-authz/authentication/#static-token-file</font>

Latest revision as of 02:07, 5 March 2021
