Getting ready
When a request comes to an API server, it firstly establishes a TLS connection by validating the clients' certificate with the certificate authority (CA) in the API server. The CA in the API server is usually at /etc/kubernetes/, and the clients' certificate is usually at $HOME/.kube/config. After the handshake, it goes to the authentication stage. In Kubernetes, authentication modules are chain-based. We can use more than one authentication module. When the request comes, Kubernetes will try all the authenticators one by one until it succeeds. If the request fails on all authentication modules, it will be rejected as HTTP 401 unauthorized. Otherwise, one of the authenticators verifies the user's identity, and the requests are ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access