Skip to content

Instantly share code, notes, and snippets.

@emwalker

emwalker/create-user-cert

Created November 2, 2018 21:52
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save emwalker/54b8295dbc6ebf8803a5cc14c0589541 to your computer and use it in GitHub Desktop.
Save emwalker/54b8295dbc6ebf8803a5cc14c0589541 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
create-user-cert
openssl genrsa -out $username.key 4096
openssl req -new -key $username.key -out $username-csr.pem -subj "/CN=$username" -days 365
echo "Creating a certificate signing request for $username"
cat <<EOF | kubectl create -f -
apiVersion: certificates.k8s.io/v1beta1
kind: CertificateSigningRequest
metadata:
name: $username
spec:
groups:
- system:authenticated
request: $(cat $username-csr.pem | base64 | tr -d '\n')
usages:
- digital signature
- key encipherment
- client auth
EOF
echo "Approving certificate signing request for $username"
kubectl describe csr $username
kubectl certificate approve $username
kubectl get csr $username
kubectl get csr $username -o jsonpath='{.status.certificate}' | base64 -D > $username.crt
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment