Jayesh Jose:
Trying to understand the roles and role and binding concept . User we are binding the role is the linux system user ?.https://kubernetes.io/docs/reference/access-authn-authz/rbac/
Tej_Singh_Rana:
Hello, @Jayesh Jose
User is not related to the Linux system users and groups.
User, which specified in the kubeconfig file users column to authenticate to the k8s cluster.
You can see more details about User in the k8s docs.
https://kubernetes.io/docs/reference/access-authn-authz/authentication/#users-in-kubernetes
Pranay:
@Jayesh Jose In past I was supper confused about this - no one place was it clearly explained - but in CKA “security” section (https://kodekloud.com/courses/539883/lectures/9808250) Mumshad makes it clear .
In Plain english
Out of the box K8s does know any user - it will allow any user to come in ( Authentication )
If you want k8s to do Authentication you have to plug-in your Authentication
Above is true for “users” (human interacting with system)
Okay once user is “in” - now what they can do that is all we learn in RBAC (Authorization)
How does k8s know what is user id user is logging in - As Tej pointed out you provide that in your .kube/config file
=====
FYI : RBAC is still part of CKA - but more of user creation / CSR / various certificates etc now has moved to CKS - That is what I hear from others
Mumshad can literally copy “security” part of CKA training as-is to CKS training and it will be still be very very relevant .
Jayesh Jose:
Thank you @Pranay !! I’m clear with this now