
Commit 5a86c37

feat(docs): more docs realated to kubeconfig file and context
1 parent 368e18c commit 5a86c37


5 files changed

+186
-0
lines changed


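--- a/csr.yaml
+++ b/csr.yaml
@@ -0,0 +1,12 @@
+apiVersion: certificates.k8s.io/v1
+kind: CertificateSigningRequest
+metadata:
+name: rahulxf
+spec:
+groups:
+- developers
+request: |
+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
+signerName: kubernetes.io/kube-apiserver-client
+usages:
+- client auth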
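Review bot: `spec.groups` on lines 6-7 does not place the requested user in `developers`. On a `certificates.k8s.io/v1` CertificateSigningRequest that field describes the requester and is populated by the API server, while the groups of the issued identity come from the `O` values in the CSR subject. Dropping the two lines keeps the manifest from implying a group assignment it cannot make. The manifest also sets no `spec.expirationSeconds`, so the certificate lifetime is left to the signer's default; for a user credential an explicit short value such as `expirationSeconds: 86400` is worth adding.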

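--- a/rahulxf.crt
+++ b/rahulxf.crt
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICwzCCAasCFDOYZ/6ejQTgb29giO7GTl48RUPKMA0GCSqGSIb3DQEBCwUAMBUx
+EzARBgNVBAMTCmt1YmVybmV0ZXMwHhcNMjUwMjE4MTkyNTU3WhcNMjUwMzEwMTky
+NTU3WjAnMRAwDgYDVQQDDAdyYWh1bHhmMRMwEQYDVQQKDApkZXZlbG9wZXJzMIIB
+IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvqrQ04Oc8vMsoSxfRD6faW1d
+Blnn14lEq1YSbzQkQTI8nyJK7kwp5aFn1EQnbPRWJ3mC52AS9iWwKg1j+N9HOSQK
+GFRYJpG/ogKa/R5H8R+Tlntt4dX5NL61pO4igHGaLCLxr4H+ELKosAY00VL960Qr
+YJhxKjnCrdxS1eEsKbXFFMQha+uLNfGIwEYPYglGICNvLusERD9FLxOBaNgPUXbA
+6EZZmVP3JvXcquosEoGaomBjvZSx0ig4QP4eAl6F6JiFd9Bpz6ehQrvIdtWibbJS
+ukemZ0PZLT47GCYv46i0Ao9z//5djQO72lQ8/r9Q/D1TqSDKDIcfvlYkAEE6zwID
+AQABMA0GCSqGSIb3DQEBCwUAA4IBAQAJdoEk2LFBHUSF0Y5/u5Qaj4a9RWkp5/9D
+8hc8ReZaXRP+dWkHq2uRnqVr5YF2QgkTST1aOo8wiZ295S+XTauouWKb14aRInS/
+gbl82exS3GJ3s/NrTE00Xh6Kz9fly70I91NRgDyvvjIG5whU/KuCDcPo9hXPkOSp
+cgRaozfmRrlL6lMDhycIoovgeQulQGCHX5dI9XVXF6EzzkNbKVlG2a33f7hN0I9j
+o1GTDPVgQZUXnYmgQcl7lQO0XBu/VM99fWWt51QzaxyFeDkIiy3a/H/Iy/430DLU
+n4h4yQlzNgAgg3p8C5O5LG2bqcD2UckYnCFEmZhTUnGg5rjjsEYw
+-----END CERTIFICATE-----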

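--- a/rahulxf.csr
+++ b/rahulxf.csr
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIICtDCCAZwCAQAwbzELMAkGA1UEBhMCSU4xCzAJBgNVBAgMAlVQMRIwEAYDVQQH
+DAlHb3Jha2hwdXIxCzAJBgNVBAoMAlhmMRAwDgYDVQQDDAdyYWh1bHhmMSAwHgYJ
+KoZIhvcNAQkBFhFyYWh1bHhmQGdtYWlsLmNvbTCCASIwDQYJKoZIhvcNAQEBBQAD
+ggEPADCCAQoCggEBAL6q0NODnPLzLKEsX0Q+n2ltXQZZ59eJRKtWEm80JEEyPJ8i
+Su5MKeWhZ9REJ2z0Vid5gudgEvYlsCoNY/jfRzkkChhUWCaRv6ICmv0eR/Efk5Z7
+beHV+TS+taTuIoBxmiwi8a+B/hCyqLAGNNFS/etEK2CYcSo5wq3cUtXhLCm1xRTE
+IWvrizXxiMBGD2IJRiAjby7rBEQ/RS8TgWjYD1F2wOhGWZlT9yb13KrqLBKBmqJg
+Y72UsdIoOED+HgJeheiYhXfQac+noUK7yHbVom2yUrpHpmdD2S0+OxgmL+OotAKP
+c//+XY0Du9pUPP6/UPw9U6kgygyHH75WJABBOs8CAwEAAaAAMA0GCSqGSIb3DQEB
+CwUAA4IBAQAXEUg449FrL8/w8xoQvHWllpvYxQ3Zni0Mbm+3RfcFxcULbFLIMynz
+IwDJouLFjwjytW11pQ2JjJYIw6WHA8tJGza3uC7Y+8vTta7C5E1pAyLwi/VBv/+k
+jIzCN7sp6oSr0IaZP11j4tqMcyjharkirh2vPP9lkml50Wc76d16qAbrNO6plrqy
+AZFc7a0VAwAEg2nxRngQQwOc20TBalhHW0WWGKJEN2kE8szP1x1eqpslAHG1VWyz
+cLRydSeBVyFb9GFcCzSFERTucoGtsWD6XRfvTHTOn+vedf+tp/xpewVUcpzd+rCz
+1ux+wSFtJ/9D8REN86j6BD/naz141JXX
+-----END CERTIFICATE REQUEST-----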

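--- a/rahulxf.key
+++ b/rahulxf.key
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC+qtDTg5zy8yyh
+LF9EPp9pbV0GWefXiUSrVhJvNCRBMjyfIkruTCnloWfURCds9FYneYLnYBL2JbAq
+DWP430c5JAoYVFgmkb+iApr9HkfxH5OWe23h1fk0vrWk7iKAcZosIvGvgf4Qsqiw
+BjTRUv3rRCtgmHEqOcKt3FLV4SwptcUUxCFr64s18YjARg9iCUYgI28u6wREP0Uv
+E4Fo2A9RdsDoRlmZU/cm9dyq6iwSgZqiYGO9lLHSKDhA/h4CXoXomIV30GnPp6FC
+u8h21aJtslK6R6ZnQ9ktPjsYJi/jqLQCj3P//l2NA7vaVDz+v1D8PVOpIMoMhx++
+ViQAQTrPAgMBAAECggEAB48Ru1OcQnIgjVKLLlNF55yV07LMba+RS4echdBtNYZ5
+KnKQwj9pE85L0E7+uc46p32k575X0hlZZrlkLWbQqzPCELKF/MrKFvFVKqlrfw7a
+P4eCKjIHm1nfgqaMM0e4WH1EKUnqhB1JHGgKlQKIyC3KLcitXS1atKDSSeIPlFGr
+wJUcYaOaMgsR9AaW53qaU0P02Jes3TAxxkZ/EZ3ArKiHzTENkZJzI1BQRe/Dn2aN
+4xphQDFr4KTnwPgU8wJwfm49Y6Svl5Xqintf16NPbzpyUofGVFEHd0Bz3pT3jiLm
+JhD7sXEkt9NcC/AbW+mNDSBY6boBZw+xSrL+gRiWVQKBgQDs53415jw5rj/xq3zY
+zcxt520NEBJCefYJx6JCTJ+w97Ibtu3PrgzSUjhfARx1R3mvB+HhgRfGpJzdaxJ9
+ZbsZRU0n+M2DHpsmmjb/kHP1aKn1xiEja3IKlZVlNMl1hjUaLdnvXG/eHerRRVX3
+RqVTQ8hS3XG7Z4zgonPVVQ+f+wKBgQDOCTlo/kWgnqRFvAFdyaQK1Ickod/bAtqA
+1qxyOGa3FiwOuv3ZICu7R0Ei29ZUZMVqmC9rTeDORN5LjyzH5ntfBUKt7OYbXM3N
+Ck16Fx946MyAIa25+K41oNCD38P5mGkUSrx4yin/LrdRSaaywhx9pUUYw6UolZjp
+j9Or/DGUPQKBgQC2Itxj8BkJd7Btyxx3SvIK5UxwKJUBSucgab2UH3j/A9CJgkCf
+1P7CjLgOQrpwaH1jVjoRt8Bh1plLmlBi3F3WdfN18dF/J369VP9HyPV+DfPto2BC
+7Q6GmK59WvIwSvh0oh/V6UmQiYvJTPdk34mn1IslOl+AZ4JmCj/oGjejFQKBgQC+
+oaBBucn4Y/AAKYRmH3QtJRjpVvDFNe2veXDSucanrdcTxgWrSG3N+I6WzyqOqTJT
+fv2Y3dSbZPL8nDtFtcX+U+KvA9qgBIzSIq8uwIg5GcRk5URVJnchXWqwKXCs1kyb
+Hs8lP3/+AF5S0r9u89Til/DHifWdCFUT/SRPI6dHzQKBgDeUPB93O7sb61fMEPe8
+8AbJQEb0AH4OXxxc9LJO3dg0zgPOzfNKd6khwYT10BdIj6fjCK5KhbpjdCdsnh4E
+7JF5gDux4t3w3YnIP9NeRpwedAaWqYnFhPK4YgznyvpeNzBJydxauvEM3CWQe13H
+EQ+y+/EYgUX8sUFIqhLhAU79
+-----END PRIVATE KEY-----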
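Review bot: This file commits an unencrypted PEM private key (`-----BEGIN PRIVATE KEY-----`) to the repository, so everyone with read access to the history holds the credential. It appears to be the key behind `rahulxf.crt` and `rahulxf.csr` added in the same commit (to be confirmed), in which case the pair is a working client-auth identity for any cluster that trusts the issuing CA. Deleting the file in a later commit does not remove it from history, so treat the key as compromised and generate a new pair. Kubernetes does not revoke client certificates, so the issued certificate stays valid until it expires; remove the RBAC bindings for that user and group in the meantime. Add `*.key` to `.gitignore` so key material stays out of future commits.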

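--- a/user-creating-k8s-command.md
+++ b/user-creating-k8s-command.md
@@ -0,0 +1,112 @@
+### User creation in Kubernetes
+
+Generate new ssl key:
+--------------------
+```bat
+openssl genrsa -out asimehsan.key 2048
+```
+
+Generate new certificate signing request for the issuer authority:
+------------------------------------------------------------------
+```rs
+#CN is the name of the user
+openssl req -new -key asimehsan.key -out asimehsan.csr -subj "/CN=asimehsan"
+
+OR
+
+#O is the group name. When you will create the rolebinding do the binding based on group name.
+openssl req -new -key asimehsan.key -out asimehsan.csr -subj "/CN=asimehsan/O=cluster:manager"
+```
+
+Create manifest file csr_template.yaml:
+---------------------------------------
+```go
+cat <<EOF > csr_template.yaml
+apiVersion: certificates.k8s.io/v1
+kind: CertificateSigningRequest
+metadata:
+name: asimehsan-csr
+spec:
+request: <Base64_encoded_CSR>
+signerName: kubernetes.io/kube-apiserver-client
+usages:
+- client auth
+EOF
+```
+
+Save the certificate signing request in base64 encoded in variable CSR_CONTENT:
+-------------------------------------------------------------------------------
+```rs
+CSR_CONTENT=$(cat asimehsan.csr | base64 | tr -d '\n')
+```
+
+Put the encoded certificate signing request in template manifest:
+-----------------------------------------------------------------
+```rs
+sed "s|<Base64_encoded_CSR>|$CSR_CONTENT|" csr_template.yaml > asimehsan_csr.yaml
+```
+
+Create the csr resource:
+-----------------------
+```rs
+kubectl create -f asimehsan_csr.yaml
+kubectl get csr
+```
+
+Do approval as cluster admin user:
+---------------------------------
+```rs
+kubectl certificate approve asimehsan-csr
+```
+
+Fetch the issued certificate:
+-----------------------------
+```rs
+kubectl get csr asimehsan-csr -o jsonpath='{.status.certificate}' | base64 --decode > asimehsan.crt
+```
+
+Take a look on current kubeconfig used:
+-------------------------------------
+```rs
+kubectl config view
+```
+
+Take a look on the ssl certs directory:
+--------------------------------------
+```rs
+ls /etc/kubernetes/pki/
+```
+
+Generate new kubeconfig file:
+-----------------------------
+```rs
+# Set Cluster Configuration:
+kubectl config set-cluster kubernetes --server=https://<API-Server-IP>:6443 --certificate-authority=/etc/kubernetes/pki/ca.crt --embed-certs=true --kubeconfig=asimehsan.kubeconfig
+
+# Set Credentials for asimehsan:
+kubectl config set-credentials asimehsan --client-certificate=asimehsan.crt --client-key=asimehsan.key --embed-certs=true --kubeconfig=asimehsan.kubeconfig
+
+# Set asimehsan Context:
+kubectl config set-context asimehsan-context --cluster=kubernetes --namespace=default --user=asimehsan --kubeconfig=asimehsan.kubeconfig
+
+# Use asimehsan Context:
+kubectl config use-context asimehsan-context --kubeconfig=asimehsan.kubeconfig
+
+
+# Set KUBECONFIG environment variable pointing to asimehsan.kubeconfig
+export KUBECONFIG=<path>/asimehsan.kubeconfig
+
+# Validate the user rights from admin user
+kubectl auth can-i list pods --as system:serviceaccount:dev:user1 -n dev
+kubectl auth can-i list pods --as asimehsan -n dev
+
+# Validate by user directly
+kubectl auth can-i list pods -n dev
+```
+
+
+Reference
+---
+
+-> https://github.com/asimehsan/devops-vu/blob/main/Install%20k8s%20locally/RBAC%20User%20.txt \
+-> https://youtu.be/w0X4h_etgxA?si=OJDhY_-2ApIo3d3t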
