Can someone please confirm, whether we need to add the user in kubeconfig (below . . .

Mayur Sharma:
can someone please confirm, whether we need to add the user in kubeconfig (below two steps) also in below scenario,

Create crt file

kubectl get csr john-developer -o jsonpath='{.status.certificate}'| base64 -d > john.crt

add to kubeconfig,

kubectl config set-credentials john --client-key=john.key --client-certificate=john.crt --embed-certs=true

Question,

Create a new user called john. Grant him access to the cluster. John should have permission to create, list, get, update and delete pods in the development namespace . The private key exists in the location: /root/CKA/john.key and csr at /root/CKA/john.csr

Mohamed Ayman:
In this question,
To get the request

  1. cat /root/CKA/john.csr | base64 | tr -d ā€œ\nā€
  2. vi certificate.yaml

apiVersion: http://certificates.k8s.io/v1beta1|certificates.k8s.io/v1beta1
kind: CertificateSigningRequest
metadata:
name: john-developer
spec:
request:
usages:

  • client auth
  1. kubectl apply -f certificate.yaml
  2. kubectl certificate approve john-developer
  3. kubectl create role developer --resource=pods --verb=create,list,get,update,delete --namespace=development
  4. kubectl create rolebinding developer-role-binding --role=developer --user=john --namespace=development
  5. kubectl auth can-i update pods --as=john --namespace=development