Understand the authentication of K8s
Preface
This article introduces the authorization module in K8s. It gives an overview and explanation of all four authorization modes, then focuses on RBAC, the authorization mode most commonly used in day-to-day work, and explains it through examples.
Overview of Authentication
In ‘Understanding K8s Authentication’, we mentioned that whether the K8s cluster is accessed through the kubectl client or a REST request, the request ultimately has to go through the API Server, which performs the resource operations and writes to etcd. The entire process, as shown in Figure 1, can be divided into four stages:
Figure 1 K8s API Request Access Process
The request initiator makes a K8s API request. The request is verified in three stages, Authentication, Authorization and Admission Control, and is finally converted into a change operation on the K8s object that is persisted in etcd.
Authentication mainly answers whether the request source is allowed to access the cluster at all. Once authenticated, the requester can be considered a legitimate request object. Deciding which resources that requester can access, and which operations it can perform on them, is what authorization needs to accomplish.
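
The three stages from Figure 1 as a toy Python model, added here as an illustration and not taken from the article or from Kubernetes source code. The tokens, role names, bindings and the 'owner' label admission rule are constructed assumptions, and the rule matching is simplified (real RBAC rules also match API groups and resource names).

```python
# Toy model of the request path in Figure 1 (constructed data, not Kubernetes code).
TOKENS = {"tok-alice": "alice", "tok-bob": "bob"}      # bearer token -> user
ROLES = {                                              # allow rules only, "*" = any
    "pod-reader": [{"verbs": {"get", "list"}, "resources": {"pods"}}],
    "editor": [{"verbs": {"*"}, "resources": {"pods", "configmaps"}}],
}
BINDINGS = [                                           # role granted to a user in one namespace
    {"namespace": "dev", "user": "alice", "role": "editor"},
    {"namespace": "dev", "user": "bob", "role": "pod-reader"},
]
ETCD = {}                                              # stand-in for the persistent store


def authenticate(token):
    """Stage 1: who is calling? Returns a user name, or None if unknown."""
    return TOKENS.get(token)


def authorize(user, verb, resource, namespace):
    """Stage 2: default deny; allowed only if a rule bound to the user matches."""
    for b in BINDINGS:
        if (b["user"], b["namespace"]) != (user, namespace):
            continue
        for rule in ROLES[b["role"]]:
            if {verb, "*"} & rule["verbs"] and {resource, "*"} & rule["resources"]:
                return True
    return False


def admit(verb, obj):
    """Stage 3: hypothetical validating policy: created objects need an 'owner' label."""
    return verb != "create" or "owner" in obj.get("labels", {})


def handle(token, verb, resource, namespace, obj):
    """Run the stages in order; name the stage that rejected, or persist and return 'ok'."""
    user = authenticate(token)
    if user is None:
        return "401 rejected at authentication"
    if not authorize(user, verb, resource, namespace):
        return "403 rejected at authorization"
    if not admit(verb, obj):
        return "rejected at admission"
    if verb == "create":
        ETCD[(namespace, resource, obj["name"])] = obj
    return "ok"
```

A known user with no matching rule stops at stage 2, which is the case RBAC decides: bob can read pods in dev but cannot create them, and alice's binding in dev grants nothing in another namespace.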