Everything is an API object.

Authentication

RBAC since 1.6

• Role-based access control

Only allow rules, no deny rules (like security group)

• All powerful accounts dictates roles for production (admin account, essentially)

Kubernetes doesn’t manage users at all. You have to manage users externally

• IAM
• Active Directories

Service accounts are used and managed by clusters

• For control plan to use
• You can (should) manage them
• Every pod gets associated with service account

Authorization

Change Kubernetes config file.