You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I asked how this worked in the #kubernetes channel in the Gopher slack, and seh gave some nice guidance:
I assume you're talking about clients using X.509 certificates to authenticate. The API server is configured with a CA bundle of certificates to trust (by default, the same CA used to sign the server's certificate), and so long as the client certificate is signed by one of the certificates in the bundle, or presents a chain that in which at least one certificate is signed by one of the certificates in the bundle, authentication succeeds, using the subject's CN attribute as the user name and the O attributes as the set of groups.
The text was updated successfully, but these errors were encountered:
I asked how this worked in the #kubernetes channel in the Gopher slack, and seh gave some nice guidance:
The text was updated successfully, but these errors were encountered: