You need to have the cluster's ca.crt and ca.key to sign the client CSR. For kops, the cluster CA key and crt are located inside the S3 bucket (KOPS_STATE_STORE) in the <bucket_name>/[..]/pki/issued/ca/ and <bucket_name>/[..]/pki/private/ca/ folders. Also, the cluster has to be built with RBAC.
For this particular setup we will need 3 machines to act as Kubernetes (k3s) masters and one machine to act as a datastore.
The datastore will be a MySQL (MariaDB) server, although you can choose different options.
The operating system chosen for this task is Debian 11 (theoretically the setup can be performed on any Linux machine).
Recipes from here, cooked and baked by ssro
AWS environment, K3s Kubernetes environment
Make sure that the instance used for this setup has Route53 permissions (proper instance role).
You can use persistent volumes or an attached disk. In this case, there's a disk attached to the instance as /data, formatted with XFS.