Mapping enterprise identities to Kubernetes to authorize access to resources
One of the benefits of centralizing authentication is leveraging the enterprise's existing identities instead of having to create new credentials that users that interact with your clusters need to remember. It's important to know how to map your policies to these centralized users. In Chapter 7, Integrating Authentication into Your Cluster, you created a cluster and integrated it with either Active Directory Federation Services (ADFS) or Tremolo Security's testing identity provider. To finish the integration, the following ClusterRoleBinding
was created:
apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata:   name: ou-cluster-admins subjects: - kind: Group   name: k8s-cluster-admins   apiGroup: rbac.authorization.k8s.io roleRef:   kind: ClusterRole   name: cluster-admin   apiGroup: rbac.authorization.k8s.io...