- Take me to Video Tutorial
In this section, we will take a look at kubernetes security primitives
-
We need to make two types of decisions.
- Who can access?
- What can they do?
- Who can access the API Server is defined by the Authentication mechanisms.
- Once they gain access to the cluster, what they can do is defined by authorization mechanisms.
- All communication with the cluster, between the various components such as the ETCD Cluster, kube-controller-manager, scheduler, api server, as well as those running on the working nodes such as the kubelet and kubeproxy is secured using TLS encryption.
What about communication between applications within the cluster?
