
What Do You Mean K8s Doesn't Have Users? How Do I Manage User Access Then?

Authors: Jussi Nummelin


Summary

The presentation discusses user management in Kubernetes, including authentication and authorization using various external identities and role-based access control.
  • Various external identities can be used for authentication and authorization, including static tokens, certificates, webhook services, and OpenID Connect
  • Role-based access control is used to tie user identities to a set of roles that define what actions they can perform on the API server
  • User and group information is typically provided externally and not stored on the API server itself
  • Kubernetes provides a fine-grained role-based access control system that allows for control over access to different API objects and sub-objects
The speaker explains that user management in Kubernetes can be complex and not straightforward, but provides a good segue into learning more about the different options available.

Abstract

What if I told you that once you give someone client certificate access to your Kubernetes cluster you can't take it away again? It's true. Once you create an authentication key and give it access to the cluster, there's no way to revoke it. That person has access forever. And that's just one of the weird things about Kubernetes Authentication and Authorization. In this session, you will learn about how Kubernetes handles users and permissions, and how to set up your cluster to do it more efficiently and securely. You'll learn:
  • How access keys work
  • How permissions work
  • How to segment your cluster for greater security
  • How Role-Based Access Control limits what individual users can see and do
  • How to use OpenID Connect to get around the issue of permanent access without having to manage hundreds or thousands of individual Roles
You will leave this session ready to create a more secure and convenient way to manage your cluster.
