Background

Kubernetes uses certificates to authenticate clients, in particular the kubectl utility.

Procedure


Steps
1

Generate a private key on your machine.

openssl genrsa -out tlhakhan.key 2048
2

Generate a certificate signing request for the CA to sign.

openssl req -new -key tlhakhan.key \
	-out tlhakhan.csr \
	-subj "/CN=tlhakhan/O=cka-lab"
3

Pass the CSR file to the CA server and generate the certificate.

openssl x509 -req -in tlhakhan.csr \
	-CA /etc/kubernetes/pki/ca.crt \
	-CAkey /etc/kubernetes/pki/ca.key \
	-CAcreateserial \
	-out tlhakhan.crt -days 365

Copy the CA-signed certificate to the requestor's machine.

4

Create the credential.

kubectl config set-credentials tlhakhan \
	--client-certificate cert/tlhakhan.crt \
	--client-key cert/tlhakhan.key
5

Create the context.

kubectl config set-context tlhakhan-context \
	--user tlhakhan \
	--cluster kubernetes
6

View the available contexts.

kubectl config get-contexts
Example output
# kubectl config get-contexts
CURRENT   NAME                          CLUSTER      AUTHINFO           NAMESPACE
*         kubernetes-admin@kubernetes   kubernetes   kubernetes-admin   myspace
          tlhakhan-context              kubernetes   tlhakhan
7

Use the new context.

kubectl config use-context tlhakhan-context

Verify by examining the get-contexts output and ensuring that the asterisk has moved to the correct context.

Example output
# kubectl config get-contexts
CURRENT   NAME                          CLUSTER      AUTHINFO           NAMESPACE
          kubernetes-admin@kubernetes   kubernetes   kubernetes-admin   myspace
*         tlhakhan-context              kubernetes   tlhakhan
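
Before loading the signed certificate in step 4, the requestor can confirm that it chains to the cluster CA, matches the local private key, and carries exactly the requested subject (Kubernetes reads CN as the user name and O as the group). The script below is an added example, not part of the original page; the helper names check_client_cert and make_demo_pki and the throwaway CA built in a temporary directory are assumptions for the demonstration.

```shell
#!/bin/sh
# Added example, not from the original page. The demo CA is a throwaway one
# generated in a temp directory; a real cluster CA is /etc/kubernetes/pki/ca.crt.

# check_client_cert CRT KEY CA_CRT USER GROUP   (hypothetical helper)
# Returns 0 only if the certificate passes all three checks.
check_client_cert() {
    c_crt=$1; c_key=$2; c_ca=$3; c_user=$4; c_group=$5

    # 1. Signed by the expected CA and inside its validity period.
    openssl verify -CAfile "$c_ca" "$c_crt" >/dev/null 2>&1 ||
        { echo "FAIL: does not chain to $c_ca" >&2; return 1; }

    # 2. Public key in the certificate matches the requestor's private key.
    c_pub1=$(openssl x509 -in "$c_crt" -noout -pubkey | openssl sha256)
    c_pub2=$(openssl pkey -in "$c_key" -pubout 2>/dev/null | openssl sha256)
    [ "$c_pub1" = "$c_pub2" ] ||
        { echo "FAIL: certificate and key do not match" >&2; return 1; }

    # 3. Subject is exactly what was requested. The API server reads CN as the
    #    user name and O as the group, so any extra or changed field matters.
    c_subj=$(openssl x509 -in "$c_crt" -noout -subject -nameopt RFC2253 |
        sed 's/^subject= *//')
    [ "$c_subj" = "O=$c_group,CN=$c_user" ] ||
        [ "$c_subj" = "CN=$c_user,O=$c_group" ] ||
        { echo "FAIL: unexpected subject: $c_subj" >&2; return 1; }
    return 0
}

# make_demo_pki DIR: throwaway CA plus steps 1-3 of the procedure, all in DIR.
make_demo_pki() {
    ( cd "$1" &&
      openssl req -x509 -newkey rsa:2048 -nodes -keyout ca.key -out ca.crt \
          -subj "/CN=demo-ca" -days 1 &&
      openssl genrsa -out tlhakhan.key 2048 &&
      openssl req -new -key tlhakhan.key -out tlhakhan.csr \
          -subj "/CN=tlhakhan/O=cka-lab" &&
      openssl x509 -req -in tlhakhan.csr -CA ca.crt -CAkey ca.key \
          -CAcreateserial -out tlhakhan.crt -days 1 ) >/dev/null 2>&1
}

demo_dir=$(mktemp -d)
make_demo_pki "$demo_dir" &&
    check_client_cert "$demo_dir/tlhakhan.crt" "$demo_dir/tlhakhan.key" \
        "$demo_dir/ca.crt" tlhakhan cka-lab && echo "certificate OK"
```

Against a real cluster, pass the copy of ca.crt that the kubeconfig cluster entry trusts as the third argument.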