There is a user `kubernetes-admin` got created when a cluster is provisioned usi . . .

Kubernetes
#1

Phani M:
There is a user kubernetes-admin got created when a cluster is provisioned using kubeadm way.
The config looks like shown below
Where is the path for cert, key and cacert for this Admin user

apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: DATA+OMITTED
    server: <https://192.168.56.2:6443>
  name: kubernetes
contexts:
- context:
    cluster: kubernetes
    user: kubernetes-admin
  name: kubernetes-admin@kubernetes
current-context: kubernetes-admin@kubernetes
kind: Config
preferences: {}
users:
- name: kubernetes-admin
  user:
    client-certificate-data: REDACTED
    client-key-data: REDACTED

I tried to look at the usual path where the control plane certs are there, but couldn’t find admin.key, admin.cert

root@kubemaster:~# ls -lrt /etc/kubernetes/pki/
total 60
-rw------- 1 root root 1675 Feb 10 21:15 ca.key
-rw-r--r-- 1 root root 1066 Feb 10 21:15 ca.crt
-rw------- 1 root root 1675 Feb 10 21:15 apiserver.key
-rw-r--r-- 1 root root 1269 Feb 10 21:15 apiserver.crt
-rw------- 1 root root 1679 Feb 10 21:15 apiserver-kubelet-client.key
-rw-r--r-- 1 root root 1143 Feb 10 21:15 apiserver-kubelet-client.crt
-rw------- 1 root root 1679 Feb 10 21:15 front-proxy-ca.key
-rw-r--r-- 1 root root 1078 Feb 10 21:15 front-proxy-ca.crt
-rw------- 1 root root 1675 Feb 10 21:15 front-proxy-client.key
-rw-r--r-- 1 root root 1103 Feb 10 21:15 front-proxy-client.crt
drwxr-xr-x 2 root root 4096 Feb 10 21:15 etcd
-rw------- 1 root root 1679 Feb 10 21:15 apiserver-etcd-client.key
-rw-r--r-- 1 root root 1135 Feb 10 21:15 apiserver-etcd-client.crt
-rw------- 1 root root  451 Feb 10 21:15 sa.pub
-rw------- 1 root root 1675 Feb 10 21:15 sa.key
root@kubemaster:~#
#2

Tej_Singh_Rana:
Hello, @Phani M
Can you please confirm first? from the below command it will show the actual output. I don’t think so there is any kind of path defined. By default, from the kubeadm installation, certs and keys are already preconfigured in the config file. If you wanna add a new user with path then you can define through kubectl config set-credentials command.

kuebctl config view --flatten
#3

Phani M:
Thank you @Tej_Singh_Rana after using above flatten saved the certs and key to individual files in /tmp directory. Using these, was able to execute the curl command from the kubemaster node.

vagrant@kubemaster:/tmp$ curl <https://192.168.56.2:6443/api/v1/pods> --key clientkey.key --cert clientcert.crt --cacert cacert.crt

Same thing worked fine with /api/v1/nodes