3. Milan Das
● Love to code (Java, Python, Scala, Spark)
● My Journey
○ Started with Java
○ IBM Middleware MQ/ETL
○ Camel ESB
○ BPM
○ Bigdata
○ Reactive Microservices: Akka, Domain Driven Design
○ Cloud & Kubernetes
● My Son is 9 Years old. He plays Cricket
● Equifax: Data is our gold
4. Real Life Role Based Access (Driving with a CDL)
● AuthN (who are you?)
○ Who are you?
○ Is the license valid?
● AuthZ (what are you allowed to do?)
○ Identify restrictions (endorsements and limits printed on the license)
○ Assign a car
5. RBAC in one slide
RBAC is a set of rules that map allowed operations (verbs such as get, list, create, delete) onto a set of resources (pods, secrets, nodes, ...), scoped either to one namespace (for example ns1) or to the whole cluster. Anything not explicitly allowed by a rule is denied.
7. Roles Vs Binding
● A Role contains rules; each rule is a set of permissions (apiGroups x resources x verbs).
● A Binding grants the permissions defined in a role to subjects: users, groups, or service accounts. A binding's roleRef is immutable, so changing which role it grants means deleting and recreating it.
● Two types of roles/bindings:
○ Role/RoleBinding: scope is a single namespace
○ ClusterRole/ClusterRoleBinding: scope is the whole cluster (and only a ClusterRole can cover cluster-scoped resources such as nodes or namespaces)
○ Caveat: a RoleBinding may reference a ClusterRole; the ClusterRole's rules are then granted only inside that namespace, which is how one rule set is reused per team.
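The four objects from the two slides above, as an added example (not from the original deck). The names ns1, john and adminns1 are the deck's; the role names, the ci-runner service account and the chosen verbs are assumed for illustration.

```yaml
# Added example: the four RBAC objects plus the RoleBinding -> ClusterRole case.
# ns1, john, adminns1 come from the slides; everything else is assumed.
---
# Namespace-scoped Role: rules only mean something inside ns1.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  namespace: ns1
  name: pod-reader
rules:
- apiGroups: [""]              # "" is the core API group (pods, services, ...)
  resources: ["pods", "pods/log"]
  verbs: ["get", "list", "watch"]
---
# RoleBinding: grants the Role to subjects, in ns1 only.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  namespace: ns1
  name: read-pods
subjects:
- kind: User                   # a name returned by the authenticator; no User object exists
  name: john
  apiGroup: rbac.authorization.k8s.io
- kind: Group
  name: adminns1
  apiGroup: rbac.authorization.k8s.io
- kind: ServiceAccount         # the only identity Kubernetes itself manages
  name: ci-runner
  namespace: ns1
roleRef:                       # immutable once created
  kind: Role
  name: pod-reader
  apiGroup: rbac.authorization.k8s.io
---
# ClusterRole: no namespace; may cover cluster-scoped resources, which a Role cannot.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: node-reader
rules:
- apiGroups: [""]
  resources: ["nodes"]
  verbs: ["get", "list", "watch"]
---
# ClusterRoleBinding: grants the ClusterRole across the whole cluster.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: read-nodes
subjects:
- kind: Group
  name: adminns1
  apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: ClusterRole
  name: node-reader
  apiGroup: rbac.authorization.k8s.io
---
# RoleBinding that references a ClusterRole: the built-in "edit" rules are
# granted to the adminns1 group inside ns1 only, not cluster-wide.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  namespace: ns1
  name: adminns1-edit
subjects:
- kind: Group
  name: adminns1
  apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: ClusterRole
  name: edit                   # built-in ClusterRole shipped with every cluster
  apiGroup: rbac.authorization.k8s.io
```

After `kubectl apply -f` on the file, check the result with impersonation rather than by trusting the YAML: `kubectl auth can-i list pods -n ns1 --as john` should answer yes, `kubectl auth can-i list pods -n ns2 --as john` no, and `kubectl auth can-i list nodes --as john --as-group adminns1` yes. Note that `edit` bound in ns1 lets adminns1 read Secrets in ns1, which is often more than a team should have.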
10. User Management in Kubernetes?
Expectation:
kubectl create user john
kubectl create group adminns1
kubectl add john to adminns1
11. No User Management in Kubernetes
Reality: none of these commands exist.
kubectl create user john          (no User object in the API)
kubectl create group adminns1     (no Group object either)
kubectl add john to adminns1      (membership comes from the authenticator, not the API)
Users and groups are just strings that an authentication plugin attaches to a request; the only identities Kubernetes itself creates and stores are ServiceAccounts.
12. How to manage users? Authentication plugins
● Certificate based authentication (x509 client certificates: the CN becomes the username, the O fields become the groups; the API server does not check revocation, so a leaked certificate stays valid until it expires)
● Token based authentication (static token file, bootstrap tokens, service account bearer tokens)
● Basic authentication (static password file; deprecated in 1.16 and removed in Kubernetes 1.19, do not use)
● OAuth2: OIDC
○ Third-party brokers/providers: Dex, OpenUnison
https://kubernetes.io/docs/reference/access-authn-authz/authentication/#openid-connect-tokens
15. Auth0 Authentication
● Auth0 is an OpenID Connect provider; Google, Ping, SecureAuth, ADFS and Azure Active Directory play the same role. (GitHub only speaks OAuth2, so it is normally fronted by a broker such as Dex that issues the ID Token.)
● The authentication flow looks like:
○ The OAuth2 client logs the user in through Auth0 and receives an ID Token (a signed JWT).
○ The client sends that ID Token as a bearer token (Authorization: Bearer <token>) on every request to the Kubernetes API.
○ The API server validates the token locally: signature against the issuer's published keys, issuer, audience (the configured client ID) and expiry. It does not call Auth0 per request, so a token cannot be revoked before it expires; keep lifetimes short.
○ The claim configured as the username claim (and optionally the groups claim) becomes the user and groups that RBAC then authorizes.
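The configuration behind that flow, as an added example that is not part of the original deck: the kube-apiserver flags (shown as the static-pod manifest fragment a kubeadm cluster keeps under /etc/kubernetes/manifests), the kubeconfig entry that sends the ID Token, and the binding that must name the prefixed identity. The issuer URL, client ID, claim names, prefixes and the truncated token value are all assumed for illustration.

```yaml
# Added example: wiring an OIDC ID Token to a Kubernetes identity.
# Issuer, client ID, claim names, prefixes and the token are assumed.
---
# 1. kube-apiserver flags (static-pod manifest fragment, other flags omitted)
apiVersion: v1
kind: Pod
metadata:
  name: kube-apiserver
  namespace: kube-system
spec:
  containers:
  - name: kube-apiserver
    command:
    - kube-apiserver
    - --oidc-issuer-url=https://example.auth0.com/   # must serve /.well-known/openid-configuration over HTTPS
    - --oidc-client-id=kubernetes                     # token "aud" must equal this or the token is rejected
    - --oidc-username-claim=email                     # default claim is "sub"
    - --oidc-username-prefix=oidc:                    # keeps IdP-chosen names out of the system: namespace
    - --oidc-groups-claim=groups
    - --oidc-groups-prefix=oidc:
---
# 2. kubeconfig user entry: kubectl sends this value as "Authorization: Bearer ..."
#    (token truncated; it must be the ID Token, not the OAuth2 access token)
apiVersion: v1
kind: Config
users:
- name: john
  user:
    token: eyJhbGciOiJSUzI1NiIs...
---
# 3. For a token whose payload carries
#      {"email": "john@example.com", "groups": ["adminns1"]}
#    the authenticator hands RBAC
#      user   = oidc:john@example.com
#      groups = [oidc:adminns1, system:authenticated]
#    so the binding must use the prefixed group, not the raw IdP value.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  namespace: ns1
  name: adminns1-edit
subjects:
- kind: Group
  name: oidc:adminns1
  apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: ClusterRole
  name: edit
  apiGroup: rbac.authorization.k8s.io
```

The prefixes are the part most often skipped: without --oidc-username-prefix an identity provider that lets users pick their own email or "sub" could mint a value such as system:kube-controller-manager and inherit that account's bindings. A binding that names `adminns1` without the prefix silently grants nothing once the prefix is set, which `kubectl auth can-i --as oidc:john@example.com --as-group oidc:adminns1` will show.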