Skip to content
/ CreateUserInKubernetes Public

Creating a user in Kubernetes typically involves setting up authentication mechanisms to allow users to interact with the Kubernetes cluster securely

0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

NashTech-Labs/CreateUserInKubernetes

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

12 Commits

01CreateCertificate.yaml

01CreateCertificate.yaml

 
 

02CSR.yaml

02CSR.yaml

 
 

03ApproveCSR.yaml

03ApproveCSR.yaml

 
 

04kubeconfig.yaml

04kubeconfig.yaml

 
 

05AddingRBAC.yaml

05AddingRBAC.yaml

 
 

README.md

README.md

 
 

Repository files navigation

Creating a User in Kubernetes

This guide outlines the process of creating a user in Kubernetes with detailed steps. The user creation process involves generating certificates, creating a Certificate Signing Request (CSR), signing the certificate using the cluster Certificate Authority (CA), configuring a kubeconfig file, and adding Role-Based Access Control (RBAC) rules for the user or their group.

Prerequisites

  • Kubernetes cluster access with administrative privileges.
  • OpenSSL installed on your local machine or the system where you'll generate certificates.
  • kubectl command-line tool configured to communicate with your Kubernetes cluster.

Step-by-Step Guide

1. Generate Certificates for the User

Use OpenSSL to generate a certificate/key pair for the user. Run the following commands to generate the certificates:

openssl genrsa -out USER-NAME.key 2048
openssl req -new -key USER-NAME.key -out USER-NAME.csr -subj "/CN=USER-NAME"

Replace USER-NAME with the desired username for the Kubernetes user.

2. Create a Certificate Signing Request (CSR)

Create a Certificate Signing Request (CSR) using the generated key. This CSR will be used to request a certificate signed by the Kubernetes cluster's Certificate Authority (CA).

cat <<EOF | kubectl apply -f -
apiVersion: certificates.k8s.io/v1
kind: CertificateSigningRequest
metadata:
  name: USER-NAME-csr
spec:
  request: $(cat USER-NAME.csr | base64 | tr -d '\n')
  signerName: kubernetes.io/kube-apiserver-client
  usages:
  - client auth
EOF

3. Sign the Certificate Using the Cluster Certificate Authority (CA)

Approve the Certificate Signing Request (CSR) and sign the certificate using the Kubernetes cluster's Certificate Authority (CA).

kubectl certificate approve USER-NAME-csr

Retrieve the signed certificate:

kubectl get csr USER-NAME-csr -o jsonpath='{.status.certificate}' | base64 -d > USER-NAME.crt

4. Create a Configuration Specific to the User

Create a kubeconfig file specific to the user. This file will contain the user's certificate, key, and other configuration details.

kubectl config set-credentials USER-NAME --client-certificate=USER-NAME.crt --client-key=USER-NAME.key
kubectl config set-context USER-NAME-context --cluster=<cluster-name> --user=USER-NAME
kubectl config use-context USER-NAME-context

Replace <cluster-name> with the name of your Kubernetes cluster.

5. Add RBAC Rules for the User or Their Group

Define Role-Based Access Control (RBAC) rules for the user or their group to determine what actions they can perform within the Kubernetes cluster.

kubectl create role <role-name> --verb=<verbs> --resource=<resources> --namespace=<namespace>
kubectl create rolebinding <rolebinding-name> --role=<role-name> --user=USER-NAME --namespace=<namespace>

Replace <role-name>, <verbs>, <resources>, and <namespace> with appropriate values.

About

Creating a user in Kubernetes typically involves setting up authentication mechanisms to allow users to interact with the Kubernetes cluster securely

Resources

Readme
Activity
Custom properties

Stars

0 stars

Watchers

3 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published