Certificate API Practice

A new member akshay joined our team. He requires access to our cluster. The Certificate Signing Request is at the /root location.

Create a CertificateSigningRequest

1. Create a CertificateSigningRequest object with the name akshay with the contents of the akshay.csr file

As of kubernetes 1.19, the API to use for CSR is certificates.k8s.io/v1.

Please note that an additional field called signerName should also be added when creating CSR. For client authentication to the API server we will use the built-in signer kubernetes.io/kube-apiserver-client.

Use this command to generate the base64 encoded format as following:

cat akshay.csr | base64 -w 0

Finally, save the below YAML in a file and create a CSR name akshay as follows:

apiVersion: certificates.k8s.io/v1
kind: CertificateSigningRequest
  name: akshay
  - system:authenticated
  request: <Paste the base64 encoded value of the CSR file>
  signerName: kubernetes.io/kube-apiserver-client
  - client auth

kubectl apply -f akshay-csr.yaml

2. Approve the CSR Request

Run the command kubectl certificate approve akshay

3. How many CSR requests are available on the cluster?

Run the command kubectl get csr

4. Reject that request.

Run the command kubectl certificate deny agent-smith

5. Delete the new CSR object

Run the command kubectl delete csr agent-smith

Nguyễn Tiến Trường

Mình viết về những điều nhỏ nhặt trong cuộc sống, Viết về câu chuyện những ngày không có em