Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...


Steps
1

Generate a certificate on your machine.

Code Block
openssl genrsa -out tlhakhan.key 2048


2

Generate a certificate signing request for the CA to sign.

Code Block
openssl req -new -key tlhakhan.key \
	-out tlhakhan.csr \
	-subj "/CN=tlhakhan/O=cka-lab"


3

Pass the CSR file to the CA server and generate the certificate.

Code Block
openssl x509 -req -in tlhakhan.csr \
	-CA=/etc/kubernetes/pki/ca.crt \
	-CAkey /etc/kubernetes/pki/ca.key \
	-CAcreateserial \
	-out tlhakhan.crt -days 365

Copy the CA signed certificate and ship it to the requestor's machine.

4

Create the credential.

Code Block
kubectl config set-credentials tlhakhan \
	--client-certificate cert/tlhakhan.crt \
	--client-key cert/tlhakhan.key


5

Create the context.

Code Block
kubectl config set-context tlhakhan-context \
	--user tlhakhan
	--cluster kubernetes


6

View the available contexts.

Code Block
kubectl config get-contexts


Code Block
languagetext
titleExample output
collapsetrue
# kubectl config get-contexts
CURRENT   NAME                          CLUSTER      AUTHINFO           NAMESPACE
*         [email protected]   kubernetes   kubernetes-admin   myspace
          tlhakhan-context              kubernetes   tlhakhan


7

Use the new context.

Code Block
kubectl config use-context tlhakhan-context

Verify by examining the get-contexts output and ensure that the asterisk moved to the correct context.

Code Block
languagetext
titleExample output
collapsetrue
# kubectl config get-contexts
CURRENT   NAME                          CLUSTER      AUTHINFO           NAMESPACE
          [email protected]   kubernetes   kubernetes-admin   myspace
*         tlhakhan-context              kubernetes   tlhakhan