Certificate authentication

Kubernetes supports multiple types of authentication

Token authentication is very prominent (due to service accounts)

Token authentication maps to service account

Certificate authentication is integrated as well

Certificate authentication maps to user in Common Name

Mind expiry of certificate and certificate authority

Demo

Create certificate for existing cluster

Create Role and RoleBinding for user from certificate

Test permissions