Method, device and system for performing authentication and authority management on user, and medium

Abstract

The invention provides a method, device and system for performing authentication and authority management on a user using a container management cluster, and a medium. The method comprises the following steps: a registration step: sending a registration request to the container management cluster, and storing a service account and authentication information created by the container management cluster for the user; a login step: responding to a login request, taking out authentication information of the user, and authenticating whether the user successfully logs in according to the authentication information by the container management cluster; an authorization step: after determining that the user has successfully logged in, creating one or more items for an authorization request of the user, storing a namespace created by the container management cluster, and sending the service account and space of the user to the container management cluster for authorization; and an authenticationstep: responding to an operation request, taking out namespaces in one-to-one correspondence with items in the operation request, and authenticating the operation request by the container management cluster based on an authorization result of the service account and the namespaces.

Description

technical field [0001] The invention relates to a method, device, system and medium for user authentication and authority management. Background technique [0002] With the development of container technology, Kubernetes (k8s) as a container management system has gradually come into people's attention. Kubernetes can help users quickly build a container management service platform. [0003] Kubernetes is a distributed container management system launched and open sourced by Google, which provides functions such as container hosting, orchestration, deployment, networking, and service discovery. Apiserver (Application Programming Interface Server) is an external management portal provided by Kubernetes. Users interact with Apiserver through the command line tool kubectl or the web page Dashboard to realize the management and configuration of Kubernetes. [0004] For security reasons, users accessing Kubernetes generally have to go through authentication and authority managem...

AI Technical Summary

Problems solved by technology

[0005] Openshift is a PASS platform based on kubernetes and Docker, which supports user authentication and authority management. Openshift implements multi-tenant management of a single cluster, but does not support multi-tenant management across multiple Kubernetes clusters.

[0006] Rancher is an open source Kubernetes management platform, but Rancher is aimed at users of a certain cluster, and the user's project does not support cross-cluster

[0007] Kubernetes itself also provides four authentication methods, each of which can be used directly, but requires users to manage their own certificates, tokens, etc., and the relationship between users and namespaces also needs to be maintained by users themselves. increased burden

Images