@adamancini
Created January 13, 2023 16:13
create kubernetes user certificates

Create user CSR

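openssl genrsa -out user1.key 2048
# The CN becomes the Kubernetes username and must match the RoleBinding subject; an O field, if set, becomes a group
openssl req -new -key user1.key -subj "/CN=user1" -out user1.csr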

Approve CSR

openssl x509 -req -in user1.csr -CA /etc/kubernetes/pki/ca.crt -CAkey /etc/kubernetes/pki/ca.key -CAcreateserial -out user1.crt -days 500

Create Role or ClusterRole

kind: Role
apiVersion: rbac.authorization.k8s.io/v1  # v1beta1 is no longer served as of Kubernetes 1.22
metadata:
  namespace: test-namespace
  name: user1-role
rules:
- apiGroups: ["", "extensions", "apps"]
  resources: ["deployments", "pods", "services"]
  verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]

Create RoleBindings

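kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1  # v1beta1 is no longer served as of Kubernetes 1.22
metadata:
  name: user1-rolebinding
  namespace: test-namespace
subjects:
  - kind: User
    name: user1  # must equal the CN of the client certificate
    apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: Role
  name: user1-role
  apiGroup: rbac.authorization.k8s.io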

Use it

kubectl config set-credentials user1 --client-certificate=/root/user1.crt --client-key=user1.key
kubectl config set-context user1-context --cluster=kubernetes --namespace=test-namespace --user=user1
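
Added example, not part of the original gist: the key, CSR and signing steps above wrapped in functions, followed by the checks worth running before handing the certificate out (the CN matches the RoleBinding subject, the certificate matches the key, and it chains to the CA). It assumes a throwaway CA constructed in a temp directory as a stand-in for /etc/kubernetes/pki/ca.crt and ca.key; all function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original gist). The CA below is a constructed
# stand-in for /etc/kubernetes/pki/ca.{crt,key} so the script runs offline.

make_test_ca() {  # make_test_ca DIR  (constructed test CA, hypothetical helper)
    printf '[req]\ndistinguished_name=dn\nx509_extensions=ca\n[dn]\nCN=constructed-test-ca\n[ca]\nbasicConstraints=critical,CA:TRUE\n' > "$1/ca.cnf"
    openssl req -x509 -config "$1/ca.cnf" -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=constructed-test-ca" -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

issue_user_cert() {  # issue_user_cert USER DIR
    openssl genrsa -out "$2/$1.key" 2048 2>/dev/null
    chmod 600 "$2/$1.key"   # private key readable by its owner only
    # CN becomes the Kubernetes username; an O= field would become a group.
    openssl req -new -key "$2/$1.key" -subj "/CN=$1" -out "$2/$1.csr"
    openssl x509 -req -in "$2/$1.csr" -CA "$2/ca.crt" -CAkey "$2/ca.key" \
        -CAcreateserial -out "$2/$1.crt" -days 500 2>/dev/null
}

cert_username() {  # cert_username CRT: print the CN the API server will see
    openssl x509 -in "$1" -noout -subject -nameopt multiline |
        sed -n 's/^ *commonName *= *//p'
}

cert_matches_key() {  # cert_matches_key CRT KEY: same public key in both?
    a=$(openssl x509 -in "$1" -noout -pubkey | openssl sha256)
    b=$(openssl pkey -in "$2" -pubout | openssl sha256)
    [ "$a" = "$b" ]
}

cert_signed_by() {  # cert_signed_by CRT CA: does CRT chain to CA?
    openssl verify -CAfile "$2" "$1" >/dev/null 2>&1
}

# Demo run against the constructed CA.
tmp=$(mktemp -d)
make_test_ca "$tmp" && issue_user_cert user1 "$tmp"
echo "username seen by the API server: $(cert_username "$tmp/user1.crt")"
cert_matches_key "$tmp/user1.crt" "$tmp/user1.key" && echo "key matches certificate"
cert_signed_by "$tmp/user1.crt" "$tmp/ca.crt" && echo "certificate chains to the CA"
rm -rf "$tmp"
```

A certificate whose CN differs from the `name` in the RoleBinding subject authenticates but matches no binding, so every request in the namespace is denied.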