Kubernetes User Operations: Difference between revisions

From NovaOrdis Knowledge Base
Jump to navigation Jump to search
 
(6 intermediate revisions by the same user not shown)
Line 6: Line 6:
* [[Kubernetes_Security_Concepts|Kubernetes Security Concepts]]
* [[Kubernetes_Security_Concepts|Kubernetes Security Concepts]]


=Add a Normal User via a Certificate=
=Create a Normal User=
 
<font color=darkgray>Incomplete. How to create user identity on the server?</font>
<syntaxhighlight lang='text'>
kubectl config set-credentials alice --username=alice --password=somepassword
</syntaxhighlight>
This command adds the user to [[.kube_config|.kube/config]] and [[kubectl]] will use basic HTTP authentication for these users.
 
=<span id='Add_a_Normal_User_via_a_Certificate'></span>Add a User via a Certificate=


A [[Kubernetes_Security_Concepts#User|user]] can authenticate against the Kubernetes cluster by being issued a certificate by the Kubernetes cluster and then present the certificate to the API call as the Certificate Header, or through [[kubectl]].
A [[Kubernetes_Security_Concepts#User|user]] can authenticate against the Kubernetes cluster by being issued a certificate by the Kubernetes cluster and then present the certificate to the API call as the Certificate Header, or through [[kubectl]].
<font color=darkgray>TODO: https://kubernetes.io/docs/reference/access-authn-authz/certificate-signing-requests/#normal-user</font>
<font color=darkgray>TODO: https://kubernetes.io/docs/reference/access-authn-authz/authentication/#x509-client-certs</font>
=Add a User with Bearer Tokens=
==Static Token File==
<font color=darkgray>TODO: https://kubernetes.io/docs/reference/access-authn-authz/authentication/#static-token-file</font>

Latest revision as of 02:07, 5 March 2021

External

Internal

Create a Normal User

Incomplete. How to create user identity on the server?

kubectl config set-credentials alice --username=alice --password=somepassword

This command adds the user to .kube/config and kubectl will use basic HTTP authentication for these users.

Add a User via a Certificate

A user can authenticate against the Kubernetes cluster by being issued a certificate by the Kubernetes cluster and then present the certificate to the API call as the Certificate Header, or through kubectl.

TODO: https://kubernetes.io/docs/reference/access-authn-authz/certificate-signing-requests/#normal-user

TODO: https://kubernetes.io/docs/reference/access-authn-authz/authentication/#x509-client-certs

Add a User with Bearer Tokens

Static Token File

TODO: https://kubernetes.io/docs/reference/access-authn-authz/authentication/#static-token-file