Access control
Kubernetes access to API provides three security access control measures: authentication, authorization and Admission Control. Certified resolve the issue of who the user is, what the user can do to solve the problem authorization, Admission Control is the role of resource management. Reasonable rights management, to ensure safe and reliable system.
All operations are carried out substantially Kubernetes cluster kube-apiserver through this component, which provides for HTTP RESTful API for the cluster forms of client calls. Note that: there is only HTTPS authentication and authorization process in the form of API. In other words, if the client uses HTTP to connect to kube-apiserver, it is not going to authentication and authorization. So, so to set up the communication used between the internal components of the cluster HTTP, outside the cluster on the use of HTTPS, so as to enhance safety, not be too complicated.
The figure is in three steps to go through API access, authentication and authorization is the first two, the third is the Admission Control.
