Kubernetes (11)

Provide users access to Kubernetes cluster

Kubernetes allows external credentials for authentication, and these are: All these are managed externally to the cluster by us because Kubernetes does not provide by itself any support for users. In this case we will configure the access to the Kubernetes cluster for an…

By Willy Vidable

IAM Roles for Service Accounts and Pods-IRSA

In Kubernetes on AWS, there are two complementary access control regimes at work. AWS Identity and Access Management (IAM) allows us to assign permissions to AWS services, for example an S3 bucket. Inside the Kubernetes cluster, the complementary system to define permissions towards Kubernetes…

By Willy Vidable

How to add IAM User and Role to EKS Cluster

We are going to consider the action of adding users and roles to an EKS cluster. This may look like a similar task but there is a big difference. Unfortunately, Kubernetes does not support adding IAM groups. This means that whenever we want to add…

By Willy Vidable

Understanding the Kubeconfig file

When we develop a Kubernetes cluster, we know we also need to deploy, outside it, an administration tool that lets us communicate with the cluster to execute administration actions. For that we deploy a Kubernetes client application called kubectl on a computer outside the…

By Willy Vidable

Securing the Kubernetes API server. Part 3

Using ClusterRoles and ClusterRoleBindings

Roles and RoleBindings are namespaced resources, which means they reside in and apply to resources in a single namespace, but, as we saw, RoleBindings can refer to ServiceAccounts from other namespaces, too. In addition to these namespaced resources, two cluster-level…

By Willy Vidable