Kubernetes can be configured to use SSL certificates to authenticate users allowing kubernetes internals (RBAC and events) to be used for authorization and accounting. To do this efficiently it's best to use a pki server to manage the issuance, revocation and maintenance of certificates.
Vault is not only a great tool for storing secrets in Kubernetes, it can also be used as a pki server, managing user certificates on a per-group basis, allowing a hierarchical authorization model as well as hierarchical management of user certificates.