Access Control
Users access the Kubernetes API using kubectl, client libraries, or by making REST requests. Both human users and Kubernetes service accounts can be authorized for API access. When a request reaches the API, it goes through several stages, illustrated in the following diagram. See also Controlling Access to the Kubernetes API for more in-depth information:
To put it simply, we could describe each stage as follows:
| Stage | What It Asks | Purpose |
|---|---|---|
| Authentication | Who are you? | Verifies the identity of the user or service account. |
| Authorization | Are you allowed to do this? | Checks whether the authenticated identity has the required permissions. |
| Admission Control | Does this follow the rules? | Applies custom rules and policies before allowing the request. |
Learn more by visiting the following pages:
- Authentication
Describes how user authentication within SCK clusters works. - Authorization
Describes how user authorization within SCK clusters works.