Kubernetes User Operations: Difference between revisions
(8 intermediate revisions by the same user not shown) | |||
Line 4: | Line 4: | ||
=Internal= | =Internal= | ||
* [[Kubernetes_Security_Operations#User_Operations|Kubernetes Security Operations]] | * [[Kubernetes_Security_Operations#User_Operations|Kubernetes Security Operations]] | ||
* [[Kubernetes_Security_Concepts|Kubernetes Security Concepts]] | |||
= | =Create a Normal User= | ||
A user can authenticate against the Kubernetes cluster by being issued a certificate by the Kubernetes cluster and then present the certificate to the API call as the Certificate Header, or through [[kubectl]]. | <font color=darkgray>Incomplete. How to create user identity on the server?</font> | ||
<syntaxhighlight lang='text'> | |||
kubectl config set-credentials alice --username=alice --password=somepassword | |||
</syntaxhighlight> | |||
This command adds the user to [[.kube_config|.kube/config]] and [[kubectl]] will use basic HTTP authentication for these users. | |||
=<span id='Add_a_Normal_User_via_a_Certificate'></span>Add a User via a Certificate= | |||
A [[Kubernetes_Security_Concepts#User|user]] can authenticate against the Kubernetes cluster by being issued a certificate by the Kubernetes cluster and then present the certificate to the API call as the Certificate Header, or through [[kubectl]]. | |||
<font color=darkgray>TODO: https://kubernetes.io/docs/reference/access-authn-authz/certificate-signing-requests/#normal-user</font> | |||
<font color=darkgray>TODO: https://kubernetes.io/docs/reference/access-authn-authz/authentication/#x509-client-certs</font> | |||
=Add a User with Bearer Tokens= | |||
==Static Token File== | |||
<font color=darkgray>TODO: https://kubernetes.io/docs/reference/access-authn-authz/authentication/#static-token-file</font> |
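Review bot: The sentence after the command in the new "Create a Normal User" section should state that `kubectl config set-credentials alice --username=alice --password=somepassword` only writes a client-side entry, with the password in plaintext, into .kube/config and creates no identity on the API server. That is the gap the "Incomplete" marker already points at. In "Add a User via a Certificate", the wording "present the certificate to the API call as the Certificate Header" needs rewording, because an X.509 client certificate is presented during the TLS handshake with the API server, not in an HTTP header. The three TODO links are bare URLs with no summary, so the certificate and static token sections give the reader no procedure yet.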
Latest revision as of 02:07, 5 March 2021
External
Internal
Create a Normal User
Incomplete. How to create user identity on the server?
kubectl config set-credentials alice --username=alice --password=somepassword
This command adds the user to .kube/config, and kubectl will use basic HTTP authentication for this user.
Add a User via a Certificate
A user can authenticate against the Kubernetes cluster by being issued a certificate by the Kubernetes cluster and then presenting the certificate to the API call as the Certificate Header, or through kubectl.
TODO: https://kubernetes.io/docs/reference/access-authn-authz/certificate-signing-requests/#normal-user
TODO: https://kubernetes.io/docs/reference/access-authn-authz/authentication/#x509-client-certs
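The certificate flow described above, as an added example that is not part of the original page: the user generates a key and CSR locally, and the cluster's client signer issues the certificate. The names alice and dev-team and the directory argument are assumptions. issue_and_configure needs a live cluster and an admin kubeconfig, so it is defined but not called.

```shell
#!/bin/sh
# Added example; alice, dev-team and the directory layout are assumed names.
set -eu

# Create a private key (owner-readable only) and a CSR. The subject carries
# the identity: CN becomes the Kubernetes username, O becomes a group.
make_user_csr() (
    user=$1; group=$2; dir=$3
    umask 077
    openssl genrsa -out "$dir/$user.key" 2048 2>/dev/null
    openssl req -new -key "$dir/$user.key" \
        -subj "/CN=$user/O=$group" -out "$dir/$user.csr"
)

# Print a CertificateSigningRequest manifest addressed to the API server's
# client-certificate signer. Only the CSR leaves the machine, never the key.
csr_manifest() {
    user=$1; dir=$2
    request=$(base64 < "$dir/$user.csr" | tr -d '\n')
    cat <<EOF
apiVersion: certificates.k8s.io/v1
kind: CertificateSigningRequest
metadata:
  name: $user
spec:
  request: $request
  signerName: kubernetes.io/kube-apiserver-client
  # Short lifetime (Kubernetes 1.22+): client certificates cannot be revoked.
  expirationSeconds: 86400
  usages:
  - client auth
EOF
}

# Cluster-side steps: submit, approve (as an admin), fetch the signed
# certificate, and register it in kubeconfig.
issue_and_configure() {
    user=$1; dir=$2
    csr_manifest "$user" "$dir" | kubectl apply -f -
    kubectl certificate approve "$user"
    kubectl get csr "$user" -o jsonpath='{.status.certificate}' \
        | base64 -d > "$dir/$user.crt"
    kubectl config set-credentials "$user" --embed-certs=true \
        --client-key="$dir/$user.key" --client-certificate="$dir/$user.crt"
}
```

The certificate grants authentication only; the user can do nothing until a Role or ClusterRole is bound to the username or group.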
Add a User with Bearer Tokens
Static Token File
TODO: https://kubernetes.io/docs/reference/access-authn-authz/authentication/#static-token-file