Accessing the Cluster as a User
Learn how to impersonate the new user, John, and try to authenticate against the cluster.
We created a new cluster called jdoe.
Please note that the command we executed only created another config entry, one that enables access to all the resources that currently exist in the cluster. It modified a local text file without changing anything in the existing cluster.
Setting the credentials
Next, he’ll have to set the credentials using the certificate and the key we created for him.
We created a new set of credentials called jdoe.
Creating a new context
Finally, John will have to create a new context.
We created the context jdoe that uses the newly created cluster and the user. We also made sure that we’re using the newly created context.
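The following added example (not code from the lesson) shows how the three local entries tie together: it resolves a context to the cluster and user entries it names and reports dangling references or missing credentials. It assumes the config in the JSON shape printed by `kubectl config view -o json`, trimmed to the relevant keys; the server address and file paths are constructed placeholders, and `resolve_context` is a hypothetical helper name.

```python
import json

# Constructed sample, trimmed to the keys used below. The server address and
# file paths are placeholders, not values from the lesson.
SAMPLE = json.loads("""
{
  "clusters": [{"name": "jdoe", "cluster": {
      "server": "https://192.0.2.10:8443",
      "certificate-authority": "/home/jdoe/keys/ca.crt"}}],
  "users": [{"name": "jdoe", "user": {
      "client-certificate": "/home/jdoe/keys/jdoe.crt",
      "client-key": "/home/jdoe/keys/jdoe.key"}}],
  "contexts": [{"name": "jdoe", "context": {"cluster": "jdoe", "user": "jdoe"}}],
  "current-context": "jdoe"
}
""")


def _by_name(entries, name, inner):
    """Return the inner mapping of the entry called `name`, or None."""
    return next((e.get(inner, {}) for e in entries or [] if e.get("name") == name), None)


def resolve_context(config, name=None):
    """Follow context -> (cluster, user); return (resolved, problems).

    Everything checked here is local file content. None of it says what the
    API server will authorize once the client certificate is accepted.
    """
    name = name or config.get("current-context")
    ctx = _by_name(config.get("contexts"), name, "context")
    if ctx is None:
        return None, [f"context {name!r} is not defined"]
    cluster = _by_name(config.get("clusters"), ctx.get("cluster"), "cluster")
    user = _by_name(config.get("users"), ctx.get("user"), "user")
    problems = []
    if cluster is None:
        problems.append(f"context points at unknown cluster {ctx.get('cluster')!r}")
    elif cluster.get("insecure-skip-tls-verify"):
        problems.append("server certificate is not verified")
    if user is None:
        problems.append(f"context points at unknown user {ctx.get('user')!r}")
    elif not all(user.get(k) or user.get(k + "-data") for k in ("client-certificate", "client-key")):
        problems.append("user entry lacks a client certificate/key pair")
    return {"context": name, "cluster": cluster, "user": user}, problems
```

An empty problem list only means the local entries are consistent; whether John may list Pods is decided by the cluster, not by this file.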
Let’s take a look at the config.
The output, limited to John’s settings, is as follows.
No authorization
John should be happy thinking that he can access our cluster. Since he’s a curious person, he’ll want to see the Pods we’re running.
The output is as follows.
That’s frustrating. John can reach our cluster, but he cannot retrieve the list of Pods. Since hope dies last, John might check whether he is forbidden from seeing other types of objects.
The output is a long list of all the objects he’s forbidden from seeing. So, in other words, John is authenticated successfully, but he is not authorized to view objects in the cluster.
John picks up his phone to beg you to give him not only access to the cluster but also the permissions to “play” with it.
Try it yourself
A list of all the commands used in the lesson is given below.