Upgrade to Pro — share decks privately, control downloads, hide ads and more …

認証の仕組みとclient-go credential plugin / authentica...

認証の仕組みとclient-go credential plugin / authentication and client-go credential plugin

2019.8.28
Kubernetes Meetup Tokyo #22

Hidetake Iwata

August 28, 2019
Tweet

More Decks by Hidetake Iwata

Other Decks in Programming

Transcript

  1. Kubernetesクライアントはkubeconfig(デフォルトでは~/.kube/config)に書いてある 静的な認証情報を利用してAPIサーバにアクセスする. Kubernetesクライアントの認証情報 kubectl client-go ~/.kube/config users: - name: hello-basic

    user: client-certificate-data: LS... client-key-data: LS… password: YOUR_PASSWORD username: YOUR_USERNAME - name: hello-token user: token: YOUR_TOKEN 証明書と秘密鍵 ユーザ名/パスワード トークン
  2. 参考資料 • client-go credential pluginsの仕様, https://kubernetes.io/docs/reference/access-authn-authz/authentication/ #client-go-credential-plugins • client-go credential

    pluginsのプロポーザル, https://stupefied-goodall-e282f7.netlify.com/contributors/design-proposal s/auth/kubectl-exec-plugins/.