Creating a user in the Kubernetes cluster

Streamlining Access Management and Authentication for Enhanced Cluster Security


Step 1: Generate a private key

To generate a private key with OpenSSL, run the following command:

openssl genrsa -out robin.key 2048

This command generates a new 2048-bit RSA private key and saves it to a file called robin.key.

Step 2: Create a certificate signing request

To create a CSR with OpenSSL, run the following command. Kubernetes takes the user name from the certificate's CN field and the group from its O field:

openssl req -new -key robin.key -out robin.csr -subj "/CN=robin/O=group1"

Step 3: Sign CSR with Kubernetes CA

First, base64-encode the CSR onto a single line:

cat robin.csr | base64 | tr -d '\n'

Create the csr.yaml file and paste the following:

apiVersion: certificates.k8s.io/v1
kind: CertificateSigningRequest
metadata:
  name: robin
spec:
  request: BASE64_CSR
  signerName: kubernetes.io/kube-apiserver-client
  usages:
  - client auth

Replace BASE64_CSR with the output of the base64 command above.

Step 4: Apply the csr.yaml file to Kubernetes:

To apply csr.yaml, run the following command:

kubectl apply -f csr.yaml

Step 5: Approve the CSR and retrieve the approved certificate

To approve the CSR, run the following command:

kubectl certificate approve robin

Step 6: Create Role and Role binding:

Create role.yaml file, and paste the following into the file.

kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  namespace: default
  name: pod-reader
rules:
- apiGroups: [""]
  resources: ["pods"]
  verbs: ["get", "watch", "list"]
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: read-pods
  namespace: default
subjects:
- kind: User
  name: robin
  apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: Role
  name: pod-reader
  apiGroup: rbac.authorization.k8s.io

To apply role.yaml, run the following command:

kubectl apply -f role.yaml

Step 7: Configure the kubeconfig file

To set up the kubeconfig, run the following commands:

kubectl config set-credentials robin --client-certificate=robin.crt --client-key=robin.key


kubectl config get-contexts


kubectl config set-context robin-context --cluster=kubernetes --namespace=default --user=robin


kubectl config use-context robin-context
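
The following is an added example, not part of the original article: it scripts Steps 3 to 5, saves the issued certificate as robin.crt (the file Step 7 expects), and checks that the Role from Step 6 grants read access to pods and nothing more. The function names, the expirationSeconds value and the retry loop are assumptions of this example; the kubectl calls need cluster-admin credentials.

```shell
# Added example (not from the original article): steps 3-5 plus an RBAC check.
# Function bodies run in subshells, so variables stay local in POSIX sh.

# Print the CSR manifest for NAME with CSR_FILE base64-encoded into spec.request.
# The 86400 s default for expirationSeconds is an assumption of this example;
# a short lifetime matters because an issued client certificate cannot be revoked.
render_csr_manifest() (
  name="$1"; csr_file="$2"; ttl="${3:-86400}"
  [ -s "$csr_file" ] || { echo "missing or empty CSR: $csr_file" >&2; exit 1; }
  b64="$(base64 < "$csr_file" | tr -d '\n')"
  cat <<EOF
apiVersion: certificates.k8s.io/v1
kind: CertificateSigningRequest
metadata:
  name: ${name}
spec:
  request: ${b64}
  signerName: kubernetes.io/kube-apiserver-client
  expirationSeconds: ${ttl}
  usages:
  - client auth
EOF
)

# Submit NAME.csr, approve it, and save the issued certificate as NAME.crt.
issue_client_cert() (
  name="$1"
  render_csr_manifest "$name" "${name}.csr" | kubectl apply -f - || exit 1
  kubectl certificate approve "$name" || exit 1
  # status.certificate holds base64-encoded PEM and may take a moment to appear.
  cert=""
  for i in 1 2 3 4 5; do
    cert="$(kubectl get csr "$name" -o jsonpath='{.status.certificate}')"
    [ -n "$cert" ] && break
    sleep 1
  done
  [ -n "$cert" ] || { echo "certificate not issued for $name" >&2; exit 1; }
  printf '%s' "$cert" | base64 -d > "${name}.crt"
  # Show the identity the API server will see (CN = user, O = group) and expiry.
  openssl x509 -in "${name}.crt" -noout -subject -enddate
)

# After role.yaml is applied: USER must be able to list pods but not delete them.
# Uses impersonation (--as), so the caller needs permission to impersonate users.
check_rbac() (
  user="$1"; ns="${2:-default}"
  [ "$(kubectl auth can-i list pods --as "$user" -n "$ns")" = "yes" ] || exit 1
  [ "$(kubectl auth can-i delete pods --as "$user" -n "$ns")" = "no" ]
)
```

Typical use after Step 2: issue_client_cert robin, then kubectl apply -f role.yaml, then check_rbac robin.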


Happy Learning ^_^

Support Robin Thakur by becoming a sponsor. Any amount is appreciated!