Authentication and authorization on Kubernetes
Namespaces are an extremely important concept in Kubernetes, and since they can affect API access as well as authorization, we'll cover them now.
Namespaces
A namespace in Kubernetes is a construct that allows you to group Kubernetes resources in your cluster. Namespaces are a method of separation with many possible uses. For instance, you could have a namespace in your cluster for each environment – dev, staging, and production.
By default, Kubernetes will create the default namespace, the kube-system namespace, and the kube-public namespace. Resources created without a specified namespace will be created in the default namespace. kube-system contains the cluster services such as etcd, the scheduler, and any resource created by Kubernetes itself and not users. kube-public is readable by all users by default and can be used for public resources.
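The defaulting rule above lends itself to a pre-deployment check. The following is an added example, not code from the original text: it resolves the namespace each manifest would land in and flags user resources that fall into default implicitly or target kube-system or kube-public. The function names, the sample manifests and the short list of cluster-scoped kinds are assumptions made for illustration, and it assumes no namespace is supplied by the client context or command line.

```python
# Added example: find manifests that land in 'default' or a system namespace.
SYSTEM_NAMESPACES = {"kube-system", "kube-public"}

# Assumption: a small, non-exhaustive set of cluster-scoped kinds.
# These objects do not live in any namespace, so they are skipped.
CLUSTER_SCOPED = {"Namespace", "Node", "PersistentVolume",
                  "ClusterRole", "ClusterRoleBinding"}


def effective_namespace(manifest):
    """Return the namespace the object is created in, or None if cluster-scoped."""
    if manifest.get("kind") in CLUSTER_SCOPED:
        return None
    declared = (manifest.get("metadata") or {}).get("namespace")
    # A missing or empty namespace means the object is created in 'default'.
    return declared or "default"


def audit(manifests):
    """Return (kind/name, namespace, reason) for each manifest worth reviewing."""
    findings = []
    for m in manifests:
        meta = m.get("metadata") or {}
        ident = f"{m.get('kind', '?')}/{meta.get('name', '<unnamed>')}"
        ns = effective_namespace(m)
        if ns is None:
            continue
        if ns == "default" and not meta.get("namespace"):
            findings.append((ident, ns, "implicit-default"))
        elif ns in SYSTEM_NAMESPACES:
            findings.append((ident, ns, "system-namespace"))
    return findings


# Constructed sample manifests (already parsed into dicts), one per case.
SAMPLE = [
    {"kind": "Namespace", "metadata": {"name": "dev"}},
    {"kind": "Deployment", "metadata": {"name": "web", "namespace": "dev"}},
    {"kind": "Pod", "metadata": {"name": "debug-shell"}},
    {"kind": "ConfigMap",
     "metadata": {"name": "app-settings", "namespace": "kube-public"}},
    {"kind": "Secret", "metadata": {"name": "db-creds", "namespace": ""}},
]

if __name__ == "__main__":
    for ident, ns, reason in audit(SAMPLE):
        print(f"{ident:25} -> {ns:12} [{reason}]")
```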
Users
There are two types of users in Kubernetes – regular users...