Creating a cluster user
Creating and signing certs
In general terms, what is needed is:
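# client: generate the user's private key.
# The key never has to leave the client; only the CSR is handed to whoever
# holds the cluster CA. File names use "dennis" throughout so that they match
# the signing step below and the later `kubectl config set-credentials` call
# (the original wrote employee.key/employee.csr but then signed dennis.csr).
openssl genrsa -out dennis.key 2048
chmod 600 dennis.key

# client: create a certificate signing request.
# Kubernetes x509 authentication takes the user name from CN and the group
# memberships from O, so this CSR asks for user "dennis" in group "nextbrave".
openssl req -new -key dennis.key -out dennis.csr -subj "/CN=dennis/O=nextbrave"

# server side: approve (sign) the CSR with the cluster CA.
# dennis.csr has to be copied to this host first, and dennis.crt goes back to
# the client afterwards. ca.key can mint a certificate for any user or group,
# so keep this step on the control-plane host and check what is being signed:
#   openssl req -in dennis.csr -noout -subject
# Clusters that expose the certificates.k8s.io API can sign the same CSR via a
# CertificateSigningRequest object and `kubectl certificate approve`, which
# avoids handling ca.key by hand.
# CA_LOCATION is not defined anywhere on this page; it defaults here to the
# directory the listing changes into.
CA_LOCATION="${CA_LOCATION:-/etc/kubernetes/pki}"
cd /etc/kubernetes/pki/
# Kubernetes does not check client certificates for revocation: once issued,
# dennis.crt is accepted until it expires (500 days here). Access can only be
# cut earlier by removing the user's RBAC bindings or by rotating the CA.
openssl x509 -req -in dennis.csr -CA "$CA_LOCATION/ca.crt" -CAkey "$CA_LOCATION/ca.key" -CAcreateserial -out dennis.crt -days 500

# Create the RBAC binding for the user; the certificate only authenticates,
# this binding is what grants permissions.
kubectl create -f rolebinding-ops.yaml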
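---
# rolebinding-ops.yaml
# Binds the certificate user "dennis" (the CN of the signed client
# certificate) to the built-in cluster-admin ClusterRole.
# cluster-admin through a ClusterRoleBinding gives unrestricted access to
# every resource in every namespace; for day-to-day accounts prefer a
# namespaced RoleBinding to a narrower built-in role such as view or edit.
kind: ClusterRoleBinding
# rbac.authorization.k8s.io/v1beta1 was removed in Kubernetes 1.22; v1 has
# been available since 1.8.
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: ops-binding
subjects:
  - kind: User
    name: dennis
    # User subjects live in the rbac.authorization.k8s.io group and are
    # cluster-wide; namespace is only meaningful for ServiceAccount
    # subjects, so it is omitted here.
    apiGroup: rbac.authorization.k8s.io
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin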
Setting up kubectl
# Register the cluster entry: API server endpoint plus the CA certificate
# kubectl uses to verify the server.
kubectl config set-cluster cluster.local \
  --certificate-authority=/home/n0kt/tmp/kubernetes_local_cert/ca.crt \
  --server=https://172.18.0.1:6443

# Register the credentials for user dennis.
# Without --embed-certs kubectl records these paths rather than the file
# contents, so both files must stay where they are; dennis.key is the user's
# identity and should be readable by its owner only.
kubectl config set-credentials dennis \
  --client-key=/home/n0kt/tmp/kubernetes_local_cert/dennis.key \
  --client-certificate=/home/n0kt/tmp/kubernetes_local_cert/dennis.crt

# Tie cluster, user and default namespace together in one context.
kubectl config set-context default-system \
  --user=dennis \
  --namespace=default \
  --cluster=cluster.local

# Make that context the active one.
kubectl config use-context default-system