Saiyam Pathak avatar
By Saiyam Pathak
Director of Technical Evangelism


Learn about Kubernetes authorization and its different modes - RBAC, web hooks, always allow and always deny modes.



Hi, In this video, we'll be talking about authorization. So, authorization is the next step after authentication, and different modes can be used for authorization mode, which the --authorization-mode flag must supply.

Different modes of authorization

So, in this RBAC, you can specify whatever authorization mode you're using. So, first is the node authorization. It is a special type of special-purpose authorization that allows the Kubernetes to perform API operations. Then there is the ABAC, which is attribute-based access control. So, in addition to authorization mode, you also need to specify the attribute-based authorization policy file. And this policy file is JSON-based, and it is where each line is a policy object.


The next one is RBAC, which is role-based access control. In this, you create a role then, a role binding then, assign it to a particular service account or user. So, it has three things: a user, verb, and object. So, you can define what a user can do on a particular object in the Kubernetes cluster.


The next one is the webhook. A webhook is an external service that is called by the API server, and then it decides whether the request is allowed or not. It's a simple HTTP callback that happens whenever something happens. And here also, you have to provide the authorization webhook config file.

Always Allow and Always Deny modes

There are other two modes, which are Always Allow, and Always Deny. So, Always Allow will always allow all the requests. Always Deny will deny all the requests. These two are used in the testing whenever you are doing some testing. So, this is what high-level authorization looks like and its different authorization modes. So the API server has to be started with --authorization-mode. That's it for this lecture. Thanks for watching. See you in the next one.

Don't stop now, check out your next lesson