Last active
April 22, 2024 16:45
-
-
Save xchandan/b25ef1a56643c17c272581838f026b58 to your computer and use it in GitHub Desktop.
kubernetes-user-creation.txt
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| openssl genpkey -out chandan.key -algorithm Ed25519 | |
| cat chandan.key | |
| openssl req -new -key chandan.key -out chandan.csr -subj "/CN=chandan/O=edit" | |
| creq=$(cat chandan.csr | base64 | tr -d "\n") | |
| cat <<EOF | kubectl apply -f - | |
| apiVersion: certificates.k8s.io/v1 | |
| kind: CertificateSigningRequest | |
| metadata: | |
| name: chandan | |
| spec: | |
| request: ${creq} | |
| signerName: kubernetes.io/kube-apiserver-client | |
| expirationSeconds: 86400 # one day | |
| usages: | |
| - client auth | |
| EOF | |
| kubectl get certificatesigningrequest.certificates.k8s.io | |
| kubectl certificate approve chandan | |
| kubectl describe csr/chandan | |
| kubectl get csr/chandan -o json | |
| kubectl get csr/chandan -o jsonpath="{.status.certificate}" | base64 -d > chandan.crt | |
| cp ~/.kube/config chandan-kube-config #always backup | |
| kubectl --kubeconfig chandan-kube-config config set-credentials chandan --client-key chandan.key --client-certificate chandan.crt --embed-certs=true | |
| kubectl auth can-i create deployments --namespace=default --as=chandan | |
| kubectl get pods --as=chandan | |
| #https://aungzanbaw.medium.com/a-step-by-step-guide-to-creating-users-in-kubernetes-6a5a2cfd8c71 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment