access granting proces
- create user cert
openssl genrsa -out amit.key 2048 - create CSR
openssl req -new -key amit.key -subj "/CN=jane" -out amit.csr - encode CSR
cat amit.csr |base64
# amit.yaml
apiVersion: certificates.k8s.io/v1beta1
kind: CertificateSigningRequest
metadata:
name: amit
spec:
groups:
- system:authenticated
usages:
- digital signature
- key encipherment
- server auth
request:
<certificate-goes-here>kubectl create -f amit.yaml- list the csr
kubectl get csr - Approve the request
kubectl certificate approve amit - View the certificate
kubectl get csr amit -o yaml - Decode it
echo "<certificate>" | base64 --decode
