What do u mean by kube-api server authenticate and authorize the request

Sadiq-Inamdar · March 13, 2024, 2:43am

What do u mean by kube-api server authenticate and authorize the request, and how does it happen needs some explanation.

rob_kodekloud · March 13, 2024, 2:54am

Suppose you run kubectl to do some action on the cluster. kubectl is a client of the kube-apiserver; it sends an HTTPRequest to the server.

The server needs to take a number of steps:

First, the server needs to figure out “who’s asking” – this is authentication: figuring out who is making the request.
Second, the server needs to figure out what rights this user has in the cluster. Are they allowed to do this action to this resource in the cluster? That step is “authorization”.
if the authenticated user is authorized to do the request’s action on the cluster, then it takes the action and returns the output. Otherwise, it returns either a 403 error (if it wasn’t authorized) or a 401 error (if it wasn’t authenticated).

Sadiq-Inamdar · March 13, 2024, 6:48am

@rob_kodekloud Thanks for the response, can you please let what is the mechanism behind this, like for authentication its uses usemane and password et.

rob_kodekloud · March 13, 2024, 8:27am

Here you want to look at the docs. For authentication, the most common type you’ll see is using certificates, but people also use things like LDAP, OpenID or tokens. Authorization is mostly using Role Based Access Control (RBAC).