Beyond cluster-admin: Getting Started with Kubernetes Users and Permissions
Tiffany Jernigan, Developer Advocate, VMware
tiffanyfayj / tiffanyfay@mastodon.online

AUTHENTICATION & AUTHORIZATION
AUTHN (authentication): who are you?
AUTHZ (authorization): what are you allowed to do?
k8s.io/docs/reference/access-authn-authz/

AUTHENTICATION & USER PROVISIONING

PROVISIONING USERS
At least three possibilities:
- certificates: can use your own CA (e.g. Vault), or Kubernetes
  warning: the Kubernetes API server doesn't support revocation, so you need short-lived certs
- OIDC tokens: can use an auth provider of your choice (e.g. Okta, Keycloak) or something linked to your cloud's IAM
- (ab)use service accounts to provision users (a service account is really just a user named system:serviceaccount:)

PROVISIONING USERS
Humans: TLS, OIDC, Service Account/Client Certs, etc.
Robots: use Service Accounts

CERTIFICATES
Example creation with OpenSSL:
  # Generate key and CSR for our user
  openssl genrsa -out user.key 4096
  openssl req -new -key user.key -subj /CN=ada.lovelace/O=devs/O=ops -out user.csr
After that, transfer the CSR to the CA

CERTIFICATES: SELF-HOSTED
  # Copy the CSR to the CA (for instance, a kubeadm-deployed control plane node)
  # Then generate the cert:
  sudo openssl x509 -req -CA /etc/kubernetes/pki/ca.crt -CAkey /etc/kubernetes/pki/ca.key -in user.csr -days 1 -set_serial 1234 -out user.crt
  # Copy certificate (user.crt) back to the user!

Or
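The two certificate slides above only show the user-side and CA-side OpenSSL commands. The script below is an added example, not from the talk, that runs the whole flow end to end so you can see what the API server will actually read out of the certificate (CN becomes the username, each O becomes a group) and check the short-lived-cert rule before handing the certificate out. It assumes only that openssl is installed; a throwaway CA is generated in place of the real cluster CA (/etc/kubernetes/pki/ca.crt and ca.key on a kubeadm node), and the cluster name and API server address in the generated kubeconfig are placeholders.

```shell
#!/bin/sh
# Added example (not the talk's own code): certificate-based Kubernetes user
# provisioning end to end, with a throwaway CA in place of the cluster CA.
set -eu

WORK="$(mktemp -d)"   # keys and the kubeconfig land here; delete when done

# Throwaway CA standing in for /etc/kubernetes/pki/ca.{crt,key} (constructed).
make_test_ca() {
  openssl genrsa -out "$WORK/ca.key" 2048 2>/dev/null
  openssl req -x509 -new -key "$WORK/ca.key" -days 1 \
    -subj "/CN=example-test-ca" -out "$WORK/ca.crt" 2>/dev/null
}

# User side: the private key never leaves the user; only the CSR goes to the CA.
# The CN is the Kubernetes username, each O becomes a group for RBAC bindings.
make_user_csr() {
  user="$1"; shift
  subj="/CN=$user"
  for group in "$@"; do subj="$subj/O=$group"; done
  openssl genrsa -out "$WORK/$user.key" 2048 2>/dev/null
  openssl req -new -key "$WORK/$user.key" -subj "$subj" -out "$WORK/$user.csr"
}

# CA side: sign for a short lifetime (default one day), because the API server
# has no revocation for client certificates; expiry is the only kill switch.
sign_user_csr() {
  user="$1"; days="${2:-1}"
  openssl x509 -req -CA "$WORK/ca.crt" -CAkey "$WORK/ca.key" \
    -in "$WORK/$user.csr" -days "$days" -set_serial "$(date +%s)" \
    -out "$WORK/$user.crt" 2>/dev/null
}

# What the API server's x509 authenticator will see: identity, groups, expiry.
cert_subject() { openssl x509 -in "$WORK/$1.crt" -noout -subject; }
cert_enddate() { openssl x509 -in "$WORK/$1.crt" -noout -enddate; }

# Provisioning guard: succeed (0) only if the cert expires within max_days.
# openssl -checkend exits non-zero when the cert expires within the window.
cert_is_short_lived() {
  max_seconds=$(( ${2:-1} * 86400 ))
  if openssl x509 -in "$WORK/$1.crt" -noout -checkend "$max_seconds" >/dev/null 2>&1; then
    return 1   # still valid past the window: too long-lived for this policy
  fi
  return 0
}

# Hand the user a kubeconfig with the CA, cert and key embedded.
# Cluster name and server URL are placeholders (assumption of this example).
write_kubeconfig() {
  user="$1"
  ca_b64=$(base64 < "$WORK/ca.crt" | tr -d '\n')
  crt_b64=$(base64 < "$WORK/$user.crt" | tr -d '\n')
  key_b64=$(base64 < "$WORK/$user.key" | tr -d '\n')
  cat > "$WORK/$user.kubeconfig" <<EOF
apiVersion: v1
kind: Config
clusters:
- name: example-cluster
  cluster:
    server: https://kube-apiserver.example.invalid:6443
    certificate-authority-data: $ca_b64
users:
- name: $user
  user:
    client-certificate-data: $crt_b64
    client-key-data: $key_b64
contexts:
- name: $user@example-cluster
  context:
    cluster: example-cluster
    user: $user
current-context: $user@example-cluster
EOF
  echo "$WORK/$user.kubeconfig"
}

# Walk the flow for the talk's example user: ada.lovelace in groups devs and ops.
make_test_ca
make_user_csr ada.lovelace devs ops
sign_user_csr ada.lovelace 1
cert_subject ada.lovelace
cert_enddate ada.lovelace
echo "kubeconfig written to $(write_kubeconfig ada.lovelace)"
```

The subject line printed at the end is exactly what RBAC will key on: a RoleBinding to the user ada.lovelace or to the group devs or ops is what gives this certificate any permissions, and since nothing can revoke it, the one-day `-days` value and the `cert_is_short_lived` guard are the controls you would keep in a real provisioning script.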