Integrating Authentication into Your Cluster
Once a cluster has been built, users will need to interact with it securely. For most enterprises, this means authenticating individual users and making sure they can only access what they need in order to do their jobs. With Kubernetes, this can be challenging because a cluster is a collection of APIs, not an application with a frontend that can prompt for authentication.
In this chapter, you'll learn how to integrate enterprise authentication into your cluster using the OpenID Connect protocol and Kubernetes impersonation. We'll also cover several anti-patterns and explain why you should avoid using them.
We will cover the following topics:
- Understanding how Kubernetes knows who you are
- Understanding OpenID Connect
- Configuring KinD for OpenID Connect
- How cloud Kubernetes knows who you are
- Configuring your cluster for impersonation
- Configuring impersonation without...