The difference between kubernetes users in kubeconfig and in basic-auth-file?

7/7/2018

I was learning Kubernetes authentication, and authorization using RBAC. Now a question always puzzling me, How exactly the users in Kubeconfig file(eg /home/.kube/config) differ from the users of basic-auth-file in kube-apiserver startup command?

I have gone through the offical documents, and there seems no any relations between them. Please kindly help me figure it out. Thank you!

-- Jepsenwan
authentication
kubernetes

1 Answer

7/7/2018

A kubeconfig file contains three types of stanzas: clusters, users, and contexts.

  1. A cluster stanza describes how kubectl should reach a particular cluster. It has the URL and optionally a CA bundle to use to verify a secure connection.

  2. A user stanza describes credentials kubectl should send. A user stanza in a kubeconfig file can reference a x509 client certificate, or a bearer token, or a basic auth username/password.

  3. A context stanza pairs a cluster and a user stanza and gives it a name (e.g. "the 'development' context uses the 'development' cluster definition and the 'testuser' user credentials")

The "current-context" attribute in a kubeconfig file indicates what context should be used by default when invoking kubectl.

How exactly the users in Kubeconfig file(eg /home/.kube/config) differ from the users of basic-auth-file in kube-apiserver startup command?

Only the credentials in user definitions in a kubeconfig are sent to the server. The name has no meaning apart from the reference from the context stanza.

User definitions in a kubeconfig file can contain many types of credentials, not just basic auth credentials.

-- Jordan Liggitt
Source: StackOverflow