The plugin mechanisms for authentication and authorization in Kubernetes are in their infancy. However, these features also continue to develop in the next few releases. There are also third-party providers that integrate with the features here.

Authentication is currently supported in the form of tokens, passwords, and certificates with plans to add the plugin capability at a later stage. OpenID Connect tokens are supported and several third-party implementations, such as Dex from CoreOS and aser account and authentication from Cloud Foundry, are available.

Authorization already supports three modes. The full RBAC (short for Role-Based Access Control)mode is still a work in progress and will eventually bring a mature role-based authentication from Kubernetes itself. Attribute-Based Access Control (ABAC) is already supported and lets a user define privileges via attributes in a file. Finally, a webhook mechanism is supported, which allows for integration with third-party authorization via REST web service calls.