Kubernetes supports several authorization modules. At the time of writing this book, it supports the following:
- ABAC
- RBAC
- Node authorization
- Webhook
- Custom modules
Attribute-Based Access Control (ABAC) was the major authorization mode before Role-Based Access Control (RBAC) was introduced. Node authorization is used by kubelet to make a request to the API server. Kubernetes supports the webhook authorization mode to establish a HTTP callback with an external RESTful service. It'll do a POST whenever it faces an authorization decision. Another common way to do this is by implementing your in-house module by following along with the pre-defined authorizer interface. For more implementation information, refer to https://kubernetes.io/docs/admin/authorization/#custom-modules. In this section, we'll walk though how to leverage and utilize RBAC in Kubernetes.