Kubernetes is an open-source platform used for automating deployment, scaling, and management of containerized applications. In this tutorial, we will discuss how to create a root account (a user whose group is bound to the cluster-admin ClusterRole) in a Kubernetes cluster.
ClusterRoleBinding
crb.yml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: tkjpedia-cluster-admin
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- apiGroup: rbac.authorization.k8s.io
  kind: Group
  name: tkjpedia:masters
kubectl apply -f crb.yml
Create New User
Create k8s user using certificate
Generate a private key
openssl genrsa -out tkjpedia.key 4096
Create a signing request
openssl req -new -key tkjpedia.key -out tkjpedia.csr -subj "/CN=tkjpedia/O=tkjpedia:masters"
Encode the signing request to base64
cat tkjpedia.csr | base64 | tr -d '\n'
Create a CSR YAML file and apply it to the k8s cluster
csr.yml
apiVersion: certificates.k8s.io/v1
kind: CertificateSigningRequest
metadata:
  name: tkjpedia-csr
spec:
  groups:
  - system:authenticated
  request: base64-from-steps-above
  signerName: kubernetes.io/kube-apiserver-client
  usages:
  - digital signature
  - key encipherment
  - client auth
kubectl apply -f csr.yml
Approve the signing request
kubectl certificate approve tkjpedia-csr
View key and cert
# name used for the key file and the CSR in the steps above
USERNAME=tkjpedia
KEY=$(cat ${USERNAME}.key | base64 | tr -d '\n')
CERT=$(kubectl get csr ${USERNAME}-csr -o jsonpath='{.status.certificate}')
echo "$KEY"
echo "$CERT"
Create kube config file
apiVersion: v1
kind: Config
clusters:
- name: tkjpedia-cluster
  cluster:
    # placeholder: replace with the API server URL
    server: tkjpedia-cluster
    certificate-authority-data: tkjpedia-cluster-certificate-authority-data
users:
- name: tkjpedia-admin
  user:
    client-certificate-data: from-command-above
    client-key-data: from-command-above
contexts:
- name: tkjpedia-cluster-tkjpedia-admin
  context:
    user: tkjpedia-admin
    cluster: tkjpedia-cluster
# must match the name of a context defined above
current-context: tkjpedia-cluster-tkjpedia-admin
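The -subj value in the signing request is what Kubernetes trusts once the request is approved: CN becomes the user name and each O becomes a group, so O=tkjpedia:masters picks up the cluster-admin binding from crb.yml. The check below is an added example, not part of the original tutorial; the function names and the sample bindings (constructed, including a hypothetical dev-view entry) are assumptions, and it only considers ClusterRoleBindings.

```python
import re

# Constructed sample, trimmed from `kubectl get clusterrolebindings -o json`:
# the binding from crb.yml, the Kubernetes default, and a hypothetical viewer.
BINDINGS = [
    {"metadata": {"name": "tkjpedia-cluster-admin"},
     "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
     "subjects": [{"kind": "Group", "name": "tkjpedia:masters"}]},
    {"metadata": {"name": "cluster-admin"},
     "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
     "subjects": [{"kind": "Group", "name": "system:masters"}]},
    {"metadata": {"name": "dev-view"},
     "roleRef": {"kind": "ClusterRole", "name": "view"},
     "subjects": [{"kind": "User", "name": "alice"}]},
]

def parse_subject(subject):
    """Return (user, groups) from '/CN=u/O=g' or 'subject=CN = u, O = g'.
    Simplification: assumes the values contain no '/' or ','."""
    user, groups = None, []
    subject = re.sub(r"^subject\s*=\s*", "", subject.strip())
    for part in re.split(r"[/,]", subject):
        key, sep, value = part.partition("=")
        key, value = key.strip().upper(), value.strip()
        if sep and key == "CN":
            user = value          # CN becomes the Kubernetes user name
        elif sep and key == "O":
            groups.append(value)  # each O becomes a group membership
    return user, groups

def roles_granted(subject, bindings):
    """List (binding name, ClusterRole) pairs the subject would match."""
    user, groups = parse_subject(subject)
    hits = []
    for b in bindings:
        for s in b.get("subjects") or []:
            if (s["kind"] == "User" and s["name"] == user) or \
               (s["kind"] == "Group" and s["name"] in groups):
                hits.append((b["metadata"]["name"], b["roleRef"]["name"]))
    return hits

def safe_to_approve(subject, bindings, forbidden=("cluster-admin",)):
    """False if approving the CSR would hand out a forbidden ClusterRole."""
    granted = roles_granted(subject, bindings)
    return not any(role in forbidden for _, role in granted)

if __name__ == "__main__":
    for subj in ("/CN=tkjpedia/O=tkjpedia:masters", "/CN=alice/O=dev"):
        print(subj, roles_granted(subj, BINDINGS), safe_to_approve(subj, BINDINGS))
```

The subject to feed in can be read from the request file with openssl req -in tkjpedia.csr -noout -subject before running kubectl certificate approve.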
Thank you.