I was learning Kubernetes authentication, and authorization using RBAC. Now a question always puzzling me, How exactly the users in Kubeconfig file(eg /home/.kube/config) differ from the users of basic-auth-file in kube-apiserver startup command?
I have gone through the offical documents, and there seems no any relations between them. Please kindly help me figure it out. Thank you!
A kubeconfig file contains three types of stanzas: clusters, users, and contexts.
A cluster stanza describes how kubectl should reach a particular cluster. It has the URL and optionally a CA bundle to use to verify a secure connection.
A user stanza describes credentials kubectl should send. A user stanza in a kubeconfig file can reference a x509 client certificate, or a bearer token, or a basic auth username/password.
A context stanza pairs a cluster and a user stanza and gives it a name (e.g. "the 'development' context uses the 'development' cluster definition and the 'testuser' user credentials")
The "current-context" attribute in a kubeconfig file indicates what context should be used by default when invoking kubectl.
How exactly the users in Kubeconfig file(eg /home/.kube/config) differ from the users of basic-auth-file in kube-apiserver startup command?
Only the credentials in user definitions in a kubeconfig are sent to the server. The name has no meaning apart from the reference from the context stanza.
User definitions in a kubeconfig file can contain many types of credentials, not just basic auth credentials.