How is the UID associated with a Kubernetes request used?

5/8/2018

When a client sends a request to the Kubernetes apiserver, authentication plugins attempt to associate a number of attributes to the request. These attributes can be used by authorisation plugins to determine whether the client's request can proceed.

One such attribute is the UID of the client; however, Kubernetes does not review the UID attribute during authorisation. If this is the case, how is the UID attribute used?

-- dippynark
authentication
authorization
kubernetes

1 Answer

5/8/2018

The UID field is intentionally not used for authentication purposes, but it is to allow logging for audit purposes.

For many organizations this might not be important, but for example Google allows employees to change their usernames (but of course not the numeric UID). Logging the UID would allow lookups of actions regardless of the current username.

(Now some might point out that changing the username will likely involve losing the current privileges; this is an accepted limitation/inconvenience.)

-- Janos Lenart
Source: StackOverflow
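
The lookup the answer describes, as an added example that is not part of the original post or of Kubernetes itself: it indexes audit events by `user.uid` so one identity's actions stay linked across a username change, and groups events with no UID under a placeholder. The log lines, usernames and UIDs are constructed; the field names follow the `audit.k8s.io/v1` Event shape.

```python
import json
from collections import defaultdict

NO_UID = "<no-uid>"  # placeholder key for events whose user.uid is absent or empty

# Constructed sample events in the audit.k8s.io/v1 JSON-lines shape (not real logs).
SAMPLE_AUDIT_LOG = """
{"kind":"Event","apiVersion":"audit.k8s.io/v1","verb":"get","user":{"username":"jdoe","uid":"1001"},"objectRef":{"resource":"secrets","namespace":"prod","name":"db-creds"},"requestReceivedTimestamp":"2018-05-01T10:00:00Z"}
{"kind":"Event","apiVersion":"audit.k8s.io/v1","verb":"list","user":{"username":"asmith","uid":"1002"},"objectRef":{"resource":"pods","namespace":"dev"},"requestReceivedTimestamp":"2018-05-02T09:30:00Z"}
{"kind":"Event","apiVersion":"audit.k8s.io/v1","verb":"delete","user":{"username":"jane.doe","uid":"1001"},"objectRef":{"resource":"secrets","namespace":"prod","name":"db-creds"},"requestReceivedTimestamp":"2018-05-07T16:45:00Z"}
{"kind":"Event","apiVersion":"audit.k8s.io/v1","verb":"list","user":{"username":"ci-bot"},"objectRef":{"resource":"nodes"},"requestReceivedTimestamp":"2018-05-03T08:00:00Z"}
this line is truncated {"kind":
"""

def index_by_uid(log_text):
    """Group audit events by user.uid, each group sorted by request time."""
    by_uid = defaultdict(list)
    for line in log_text.splitlines():
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # blank or non-JSON line
        user = event.get("user") or {}
        ref = event.get("objectRef") or {}
        parts = (ref.get("namespace"), ref.get("resource"), ref.get("name"))
        by_uid[user.get("uid") or NO_UID].append({
            "time": event.get("requestReceivedTimestamp", ""),
            "username": user.get("username", ""),
            "verb": event.get("verb", ""),
            "target": "/".join(p for p in parts if p),
        })
    for actions in by_uid.values():
        actions.sort(key=lambda a: a["time"])
    return dict(by_uid)

def usernames_for_uid(by_uid, uid):
    """Usernames recorded for one UID, in order of first use."""
    return list(dict.fromkeys(a["username"] for a in by_uid.get(uid, [])))

def renamed_uids(by_uid):
    """UIDs that appear under more than one username (events without a UID are ignored)."""
    found = {uid: usernames_for_uid(by_uid, uid) for uid in by_uid if uid != NO_UID}
    return {uid: names for uid, names in found.items() if len(names) > 1}

if __name__ == "__main__":
    index = index_by_uid(SAMPLE_AUDIT_LOG)
    for action in index["1001"]:
        print(action["time"], action["username"], action["verb"], action["target"])
```

A search of the same sample by the username `jdoe` would return only the `get` and miss the later `delete` made as `jane.doe`; the UID index returns both.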