Chapter 8. Authorization

Authentication is only the first challenge for a Kubernetes API request. As we introduced in Chapter 7, there are two additional tests for every request: access control and admission control. Although authentication is a critical component for ensuring that only trusted users can effect change on a cluster, as we explore in this chapter, authentication also becomes the enabler for fine-grained control concerning what those users may do.

Beyond just verifying a user’s authenticity and determining levels of access, we also want to be sure that every request conforms to our business needs. Every organization has a number of implemented standards. These policies and procedures help us make sense of the complex infrastructures that are required to bring applications to production environments. In this chapter, we take a look at how Kubernetes stands in support of this with admission controllers.

REST

As we have already covered, the Kubernetes API is a RESTful API. The advantageous properties of a RESTful API are many (e.g., scalability and portability), but its simple structure is what enables us to determine levels of access within Kubernetes.

For readers who may not be familiar with REST, the semantics are straightforward: resources are manipulated using verbs. As in traditional languages, if we ask someone to “delete the Pod,” we do so with a noun and a verb. REST APIs function in the same way.
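The noun-and-verb reading of a request, as an added Go example that is not code from the book or from Kubernetes: it derives the verb and resource that an access decision is made on from an HTTP method and URL. `Attrs` and `ParseRequest` are names made up here and the sample paths are constructed; it assumes the Kubernetes URL conventions (`/api/<version>/...` for the core group, `/apis/<group>/<version>/...` for named groups) and handles resource paths only.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

type Attrs struct{ Verb, Group, Namespace, Resource, Name string } // made up for this example

// ParseRequest derives the verb and the noun of a Kubernetes-style API request.
// Simplified: resource paths only, subresources ignored, watch only as ?watch=true.
func ParseRequest(method, rawURL string) (a Attrs, err error) {
	u, err := url.Parse(rawURL)
	if err != nil {
		return a, err
	}
	// HTTP method -> verb for {a named object, a collection}.
	v, ok := map[string][2]string{"GET": {"get", "list"}, "HEAD": {"get", "list"},
		"POST": {"create", "create"}, "PUT": {"update", "update"},
		"PATCH": {"patch", "patch"}, "DELETE": {"delete", "deletecollection"}}[method]
	p := strings.Split(strings.Trim(u.Path, "/"), "/")
	switch {
	case !ok:
		return a, fmt.Errorf("unsupported method %q", method)
	case len(p) >= 3 && p[0] == "api": // core group: /api/<version>/...
		p = p[2:]
	case len(p) >= 4 && p[0] == "apis": // named group: /apis/<group>/<version>/...
		a.Group, p = p[1], p[3:]
	default:
		return a, fmt.Errorf("not a resource path: %q", u.Path)
	}
	// /namespaces/<ns>/<resource> is namespaced; status and finalize belong to the Namespace object.
	if p[0] == "namespaces" && len(p) > 2 && p[2] != "status" && p[2] != "finalize" {
		a.Namespace, p = p[1], p[2:]
	}
	p = append(p, "") // so that p[1] exists; an empty name means a collection
	a.Resource, a.Name = p[0], p[1]
	if a.Verb = v[0]; a.Name == "" {
		a.Verb = v[1]
		if a.Verb == "list" && u.Query().Get("watch") == "true" {
			a.Verb = "watch"
		}
	}
	return a, nil
}

func main() {
	fmt.Println(ParseRequest("DELETE", "/api/v1/namespaces/web/pods/frontend-1")) // constructed sample
}
```

The same DELETE sent to `/api/v1/namespaces/web/pods` resolves to `deletecollection` rather than `delete`, which is why an access rule has to name the collection verbs separately.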

To illustrate this concept, let’s look precisely at how
