14: API security and RBAC
Kubernetes is API-centric and the API is served through the API server. In this chapter, you’ll follow a typical API request as it passes through various security-related checks.
The chapter is divided as follows:
- API security big picture
- Authentication
- Authorization (RBAC)
- Admission control
See Chapter 15 for an in-depth look at the API.
API security big picture
All of the following make CRUD-style requests to the API server (create, read, update, delete):
- Operators and developers using kubectl
- Pods
- Kubelets
- Control plane services
- Kubernetes-native apps
Figure 14.1 shows the flow of a typical API request passing through the standard checks. The flow is the same, no matter where the request originates.
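The three checks in that flow can be modelled in a few lines. The following is an added example, not code from the book or from Kubernetes: a simplified Python model of authentication, RBAC authorization and admission control. The tokens, the dev-team group, the shield namespace and the "owner" label policy are all constructed for illustration.

```python
from dataclasses import dataclass

# Constructed sample data: bearer token -> (username, groups).
TOKENS = {"tok-jane": ("jane", ("dev-team",))}

@dataclass(frozen=True)
class Rule:
    api_groups: tuple
    resources: tuple
    verbs: tuple

# Constructed RBAC state: (subject, namespace) -> rules granted by a binding.
GRANTS = {
    ("dev-team", "shield"): (Rule(("apps",), ("deployments",), ("get", "list", "create")),),
}
WRITE_VERBS = {"create", "update", "patch", "delete"}

def authenticate(token):
    """Stage 1: map a credential to an identity, or None if it is unknown."""
    return TOKENS.get(token)

def _match(allowed, value):
    return "*" in allowed or value in allowed

def authorize(user, groups, verb, api_group, resource, namespace):
    """Stage 2: RBAC is additive and deny-by-default; any matching rule allows."""
    for subject in (user, *groups):
        for rule in GRANTS.get((subject, namespace), ()):
            if (_match(rule.api_groups, api_group) and _match(rule.resources, resource)
                    and _match(rule.verbs, verb)):
                return True
    return False

def admit(verb, obj):
    """Stage 3: policy on the object itself; reads are not subject to admission."""
    if verb not in WRITE_VERBS:
        return True
    # Hypothetical policy for this example: every object needs an "owner" label.
    return "owner" in obj.get("labels", {})

def handle(token, verb, api_group, resource, namespace, obj=None):
    """Run one request through the checks in order; the first failure stops it."""
    identity = authenticate(token)
    if identity is None:
        return "rejected: authentication"   # HTTP 401
    user, groups = identity
    if not authorize(user, groups, verb, api_group, resource, namespace):
        return "rejected: authorization"    # HTTP 403
    if not admit(verb, obj or {}):
        return "rejected: admission"
    return "accepted"
```

A request that fails an earlier check never reaches the later ones, so an unauthenticated caller learns nothing about RBAC rules or admission policy.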