From 32e1edc2a2d594d6d2cbc24b94f5a8ed06c91aa0 Mon Sep 17 00:00:00 2001 From: Jerome Petazzoni Date: Fri, 21 Sep 2018 09:08:58 +0200 Subject: [PATCH] Long slide is long --- slides/k8s/authn-authz.md | 30 ++++++++++++++++++++++-------- 1 file changed, 22 insertions(+), 8 deletions(-) diff --git a/slides/k8s/authn-authz.md b/slides/k8s/authn-authz.md index df0082aa..65d4bafd 100644 --- a/slides/k8s/authn-authz.md +++ b/slides/k8s/authn-authz.md @@ -24,15 +24,9 @@ (it examines headers, certificates ... anything available) -- Many authentication methods can be used simultaneously: +- Many authentication methods are available and can be used simultaneously - - TLS client certificates (that's what we've been doing with `kubectl` so far) - - - bearer tokens (a secret token in the HTTP headers of the request) - - - [HTTP basic auth](https://en.wikipedia.org/wiki/Basic_access_authentication) (carrying user and password in a HTTP header) - - - authentication proxy (sitting in front of the API and setting trusted headers) + (we will see them on the next slide) - It's the job of the authentication method to produce: @@ -44,6 +38,26 @@ --- +## Authentication methods + +- TLS client certificates + + (that's what we've been doing with `kubectl` so far) + +- Bearer tokens + + (a secret token in the HTTP headers of the request) + +- [HTTP basic auth](https://en.wikipedia.org/wiki/Basic_access_authentication) + + (carrying user and password in a HTTP header) + +- Authentication proxy + + (sitting in front of the API and setting trusted headers) + +--- + ## Anonymous requests - If any authentication method *rejects* a request, it's denied