Why is kubectl not asking for a password?

11/17/2019

  • I have created a kubernetes cluster on my server with kubeadm
  • then I installed kubectl on my local machine
  • and copied the content of /etc/kubernetes/admin.conf from my server into the file ~/.kube/config on my local machine.

Now I can access my own cluster from my local machine with kubectl without the need of a passphrase. Why is this so?

When I want to access my server via ssh I need of course a user/password or an allowed ssh key. Why does kubectl not ask me for a passphrase? To me it seems not to be secure enough.

-- Ralph
kubectl
kubernetes

1 Answer

11/17/2019

Kubernetes supports different authentication strategies, defined here.

Generally, a Kubernetes cluster uses client certificate authentication. If you look at your ~/.kube/config file you'll see a field something like this:

- name: kubernetes-admin
  user:
    client-certificate-data: <BASE64 ENCODED X509 CERTIFICATE>
    client-key-data:  <BASE64 ENCODED PRIVATE KEY FOR THE CERTIFICATE>

You can see that the kubernetes-admin user has client certificate data and a key. This certificate is trusted by the Certificate Authority (CA) of your cluster.

When you use kubectl, it sends the client certificate data of the user to your cluster and your cluster CA verifies it. If the client is verified, then you can access the cluster.

-- Fahim Abrar
Source: StackOverflow
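
A defensive check that follows from the answer above, added here as an example and not part of the original question or answer: because the kubeconfig carries the client certificate and its private key, this Python code reports whether a kubeconfig embeds an unencrypted key and whether group or other users can access the file. The function names, the line-based field scan (used instead of a YAML parser) and the sample file with placeholder PEM bodies are assumptions constructed for the example.

```python
import base64
import os
import re
import stat
import tempfile

# The two credential fields from the kubeconfig excerpt in the answer.
FIELD = re.compile(r"^\s*(client-certificate-data|client-key-data):\s*(\S+)\s*$", re.M)

def audit_kubeconfig(path):
    """Report embedded client credentials and file permissions of a kubeconfig."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    report = {"mode": f"{mode:04o}", "group_or_other_access": bool(mode & 0o077),
              "embedded_cert": False, "embedded_plaintext_key": False}
    with open(path, encoding="utf-8") as fh:
        fields = FIELD.findall(fh.read())
    for name, value in fields:
        try:
            pem = base64.b64decode(value, validate=True).decode("ascii", "replace")
        except ValueError:  # binascii.Error is a ValueError subclass
            continue
        if name == "client-certificate-data" and "BEGIN CERTIFICATE" in pem:
            report["embedded_cert"] = True
        # A PEM key with no ENCRYPTED marker is usable by anyone who can read the file.
        if name == "client-key-data" and "PRIVATE KEY" in pem and "ENCRYPTED" not in pem:
            report["embedded_plaintext_key"] = True
    return report

def write_sample(mode):
    """Write a constructed kubeconfig (placeholder PEM bodies, no real key) with `mode`."""
    def b64(label):
        pem = f"-----BEGIN {label}-----\nCONSTRUCTED-PLACEHOLDER\n-----END {label}-----\n"
        return base64.b64encode(pem.encode()).decode()
    text = (
        "users:\n- name: kubernetes-admin\n  user:\n"
        f"    client-certificate-data: {b64('CERTIFICATE')}\n"
        f"    client-key-data:  {b64('RSA PRIVATE KEY')}\n"
    )
    fd, path = tempfile.mkstemp(suffix=".kubeconfig")
    with os.fdopen(fd, "w", encoding="utf-8") as fh:
        fh.write(text)
    os.chmod(path, mode)
    return path

if __name__ == "__main__":
    for m in (0o644, 0o600):
        sample = write_sample(m)
        print(audit_kubeconfig(sample))
        os.remove(sample)
```

Pointing `audit_kubeconfig` at a real `~/.kube/config` gives the same report; a file that shows `embedded_plaintext_key` deserves the same handling as an unencrypted SSH private key.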