🔗 Prerequisite: Chapter 06 (Storage) — ✅ you’ve mastered it!
How humans and services prove identity to Kubernetes.
steps-for-user-authentication
→ High-level workflow for adding users (certs, tokens, OIDC).
user-config-file
→ kubeconfig file for a new user (context, cluster, user).
How Pods authenticate to the Kubernetes API.
service-account-permissions
→ Grant permissions to a ServiceAccount (via RoleBinding).
Define what users/ServiceAccounts can do.
restricted-role
→ Custom Role with limited permissions (e.g., read-only Pods).
second-kubernetes-admin
→ Create a cluster-admin-like user (full access, but not system:masters).
1 → 2 → 3 → 4 → 5
✅ Why this order?
- First, authenticate users (how they log in)
- Then, grant permissions (what they can do)
- Finally, test with real scenarios (admin vs restricted)