Kubernetes uses client certificates, bearer tokens, an authenticating proxy, or HTTP basic auth to authenticate API requests through authentication plugins. As HTTP requests are made to the API server, plugins attempt to associate the following attributes with the request.
If a client certificate is presented and verified, the common name of the subject is used as the user name for the request. It can also indicate a user’s group memberships using the certificate’s organization fields.
We recommend you ensure Kubernetes engine clusters are authenticated using client certificates.
Updated 3 months ago