<h1 id="authentication">Authentication<a aria-hidden="true" class="anchor-heading icon-link" href="#authentication"></a></h1>
<p>Access to the Kubernetes API is managed via two different types of user account:</p>
<ul>
<li><strong>Service accounts</strong> are managed by Kubernetes itself. These are used by cluster components (via secrets mounted into pods) to manage resources in their bound namespaces.</li>
<li><strong>Normal users</strong> are independent of the cluster.</li>
</ul>
<h1 id="normal-users">Normal users<a aria-hidden="true" class="anchor-heading icon-link" href="#normal-users"></a></h1>
<p>Kubernetes users aren't API objects, though they're referenced as if they were. They're provided by an authentication module which interacts with an external source: a password file, a database or some form of directory or token service. Two types of resource are modelled in this way:</p>
<ul>
<li><strong>Users</strong> represent individual users.</li>
<li><strong>Groups</strong> represent a set of related users.</li>
</ul>
<p>Managed Kubernetes offerings are usually integrated with the host <a href="/notes/f1daa05d-2f23-4877-aa48-ebed807f420c">cloud platform</a>.</p>
<hr>
<strong>Backlinks</strong>
<ul>
<li><a href="/notes/6987649b-d420-49ad-95ab-6c0d8aa891b8">RBAC (public)</a></li>
</ul>

Authentication


![Digital brain](assets/images/logo.svg){display: block, margin: 0 auto, max-height: 50vh}

Hi, I'm Luke 👋

I'm a software engineer turned site reliability engineer. I'm currently big on knowledge management and learning.

# Find me elsewhere

- [👨‍💻 DEV](https://dev.to/lukecarrier)
- [🚢 GitHub](https://github.com/LukeCarrier)
- [👔 LinkedIn](https://www.linkedin.com/in/lukecarrier/)
- [📄 Résumé](https://github.com/LukeCarrier/resume)
