amjad hammoudeh:
What is the difference between Certificate API and Kubeconfig
amjad hammoudeh:
Hello,
what is the difference between Certificate API and Kubeconfig? i can grant a user access either by approving his/her CSR or manually add him/her in the kubeconfig right?
please correct if i am wrong
if i approved A CSR for a user he/she will have access to kube-api sever the without any restriction. if i configured a kubeconfig for this user he/she will have limited access. right ?
Perryn Gordon:
all users have their own kubeconfig, the user would put their approved certificate in their kubeconfig in order to authenticate to the cluster, for them to get an approved certificate, they would submit a csr, that you/admin would approve to allow them access
amjad hammoudeh:
<@U010KTCUF1P> Thank you for the clarification
Perryn Gordon:
My pleasure! In regards to the amount of access the user has ( their authorizations ), privileges are specified by the authorizations that are configured in a role object that you would create and bind to that user.
amjad hammoudeh:
i was able to demonstrate this in a lab and it seems by default the user has no authorizations .