https://github.com/udhos/kubecert
- Host: GitHub
- URL: https://github.com/udhos/kubecert
- Owner: udhos
- License: mit
- Created: 2023-03-14T03:39:27.000Z (almost 3 years ago)
- Default Branch: main
- Last Pushed: 2023-03-14T04:26:08.000Z (almost 3 years ago)
- Last Synced: 2025-03-03T01:36:25.720Z (10 months ago)
- Size: 1.95 KB
- Stars: 0
- Watchers: 2
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# kubecert
Source: https://kubernetes.io/docs/reference/access-authn-authz/certificate-signing-requests/
```
kind --version
kind version 0.17.0
kubectl version
WARNING: This version information is deprecated and will be replaced with the output from kubectl version --short. Use --output=yaml|json to get the full version.
Client Version: version.Info{Major:"1", Minor:"25", GitVersion:"v1.25.6", GitCommit:"ff2c119726cc1f8926fb0585c74b25921e866a28", GitTreeState:"clean", BuildDate:"2023-01-18T19:22:09Z", GoVersion:"go1.19.5", Compiler:"gc", Platform:"linux/amd64"}
Kustomize Version: v4.5.7
Server Version: version.Info{Major:"1", Minor:"25", GitVersion:"v1.25.3", GitCommit:"434bfd82814af038ad94d62ebe59b133fcb50506", GitTreeState:"clean", BuildDate:"2022-10-25T19:35:11Z", GoVersion:"go1.19.2", Compiler:"gc", Platform:"linux/amd64"}
kind create cluster --name cert
user=john
openssl genrsa -out $user.key 2048
openssl req -new -key $user.key -out $user.csr
# CN is the name of the user
# O is the group that this user will belong to
request=$(cat $user.csr | base64 | tr -d "\n")
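# submit the CSR, approve it and fetch the signed certificate
# (manifest and steps as in the Kubernetes documentation linked above)
kubectl apply -f - <<EOF
apiVersion: certificates.k8s.io/v1
kind: CertificateSigningRequest
metadata:
  name: $user
spec:
  request: $request
  signerName: kubernetes.io/kube-apiserver-client
  usages:
  - client auth
EOF
kubectl certificate approve $user
kubectl get csr $user -o jsonpath='{.status.certificate}' | base64 -d > $user.signed.crt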
#
# create role for user
#
kubectl create role developer --verb=create --verb=get --verb=list --verb=update --verb=delete --resource=pods,pods/log
kubectl create rolebinding developer-$user --role=developer --user=$user
#
# kubeconfig
#
kubectl config set-credentials $user --client-key=$user.key --client-certificate=$user.signed.crt --embed-certs=true
kubectl config set-context $user --cluster=kind-cert --user=$user
kubectl config use-context $user
kubectl get po
kubectl run busybox --image busybox --command echo hi
kubectl logs busybox
#
# Destroy everything
#
kubectl config use-context kind-cert
kind delete cluster --name cert
```
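The comments in the script note that CN becomes the user name and O the group, so whoever runs `kubectl certificate approve` should confirm both before signing. The check below is an added example, not part of the kubecert repository; the function names and the allowlist policy are assumptions.

```shell
# Added example, not part of the kubecert repository.
# Assumed policy: CN must equal the expected user, every O must be an allowed group.

# csr_field FILE LONGNAME: print each value of one subject attribute, one per line.
csr_field() {
  openssl req -in "$1" -noout -subject -nameopt multiline 2>/dev/null |
    sed -n "s/^ *$2 *= //p"
}

# check_csr FILE EXPECTED_CN "GROUP1 GROUP2 ...": return 0 only if the CSR passes.
check_csr() {
  _csr=$1 _want=$2 _allowed=" $3 "
  # Match the "verify OK" message: it is printed only when the CSR's
  # self-signature checks out. An unreadable file also fails here.
  openssl req -in "$_csr" -noout -verify 2>&1 | grep -q 'verify OK' ||
    { echo "reject: self-signature does not verify"; return 1; }
  _cn=$(csr_field "$_csr" commonName)
  # Two CN attributes yield two lines, which can never equal the expected name.
  [ "$_cn" = "$_want" ] || { echo "reject: CN '$_cn' is not '$_want'"; return 1; }
  while IFS= read -r _org; do
    [ -n "$_org" ] || continue
    case "$_org" in
      *" "*) echo "reject: group '$_org' contains a space"; return 1 ;;
    esac
    case "$_allowed" in
      *" $_org "*) ;;
      *) echo "reject: group '$_org' is not allowed"; return 1 ;;
    esac
  done <<EOF
$(csr_field "$_csr" organizationName)
EOF
  echo "ok: CN=$_cn"
}

# sample_csr OUTFILE SUBJECT: constructed test input (throwaway key, non-interactive).
sample_csr() {
  openssl req -new -newkey rsa:2048 -nodes -keyout "$1.key" -out "$1" -subj "$2" 2>/dev/null
}
```

To check a request already submitted to the cluster, dump it with `kubectl get csr $user -o jsonpath='{.spec.request}' | base64 -d > pending.csr` and run `check_csr pending.csr john "developers"` (group name assumed) before approving.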