How To Create IAM USER For Kubernetes Cluster

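openssl genrsa -out "Name you want".key 1024 => to make a private key
Eg:- openssl genrsa -out aditya.key 1024 => to make a private key
Note: 1024 is the key size in bits. 1024-bit RSA is no longer considered strong enough for real use; 2048 or more is the usual minimum, so put a larger number here for any cluster that matters.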
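openssl req -new -key "your key file" -out "Name you want".csr => to make a CSR (certificate signing request) from the key. After this it will ask various things like name, email, state etc.; fill them in as you want, but don't leave them blank. The Common Name you enter is what Kubernetes will treat as the user name, so it must be the same name you pass to --user in the rolebinding step below (aditya in the examples).
Eg:- openssl req -new -key aditya.key -out aditya.csr => to make a CSR from the key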
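cd /etc/kubernetes/pki/ => head to this directory
openssl x509 -req -in "your csr cert" -CA ca.crt -CAkey ca.key -CAcreateserial -out "Name you want".crt => to make the crt cert; run this on the Kubernetes master
Eg:- openssl x509 -req -in aditya.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out aditya.crt => to make the crt cert on the master PC
ca.key is the cluster CA's private key: anything signed with it is accepted by the API server as a valid client, so it stays on the master. The kubeconfig steps below need only ca.crt, the new .crt and the user's own .key.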
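cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://packages.cloud.google.com/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
EOF
yum install -y kubectl
(This is the legacy Google-hosted package repository, which the Kubernetes project has since deprecated in favour of pkgs.k8s.io; check the current kubectl install docs for the repo definition to use.)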
kubectl config --kubeconfig {anyname}.kubeconfig set-cluster "cluster name you want to give" --server https://yourip:6443 --certificate-authority=ca.crt => to make the kubeconfig file
here yourip = Kubernetes master node IP (if using AWS, use the public IP of the instance where the Kubernetes master is running)
Eg:- kubectl config --kubeconfig aditya.kubeconfig set-cluster kubernetes --server https://yourip:6443 --certificate-authority=ca.crt => to make the kubeconfig file
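kubectl config --kubeconfig "your kubeconfig file" set-credentials "name you want to give for credential" --client-certificate "your crt certificate" --client-key "your private key" => to make the credential
Eg:- kubectl config --kubeconfig aditya.kubeconfig set-credentials aditya --client-certificate aditya.crt --client-key aditya.key => to make the credential
The kubeconfig now refers to the private key file, and that key is all that is needed to act as this user, so keep the .key and the kubeconfig readable only by that user.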
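kubectl config set-context credentialname@clustername --user=credentialname --cluster clustername --kubeconfig "your kubeconfig file" => for setting context
Eg:- kubectl config set-context aditya@kubernetes --user=aditya --cluster awskubecluster --kubeconfig aditya.kubeconfig => for setting context
(--cluster has to be the cluster name that was given to set-cluster in this kubeconfig; the set-cluster example above used kubernetes, so use that name here if you followed it.)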
kubectl config get-contexts --kubeconfig "your kubeconfig file"=> to see all the context in kubeconfig file
Eg:- kubectl config get-contexts --kubeconfig aditya.kubeconfig
kubectl config use-context "your context name" --kubeconfig "your kubeconfig file"=> to set current context
Eg:-kubectl config use-context aditya@kubernetes --kubeconfig aditya.kubeconfig
kubectl config current-context --kubeconfig "your kubeconfig file"
Eg:- kubectl config current-context --kubeconfig aditya.kubeconfig
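rm /etc/kubernetes/pki/apiserver.* => to remove the old API server certificate and key so they can be regenerated (keep a copy of them first)
kubeadm init phase certs all --apiserver-advertise-address=0.0.0.0 --apiserver-cert-extra-sans="aws public ip" => to regenerate the certs with the public IP added as an extra SAN, so that the https://yourip:6443 address in the kubeconfig passes certificate verification
docker rm -f `docker ps -q -f 'name=k8s_kube-apiserver*'` => to remove the running API server container so that it comes back up with the new certificate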
systemctl restart kubelet
kubectl create ns "namespace name you want"=> to create namespace
Eg:- kubectl create ns tech => to create the namespace tech
kubectl create role "name you want to give to role" --verb="action you want user to perform" --resource="resource you want" --namespace "name of your namespace" => to create role
Eg:-kubectl create role aditya-tech --verb=get,list --resource=pods --namespace tech
kubectl create rolebinding "name you want to give to rolebinding" --role="role name" -n "namespace name" --user="for which user you want" => to create role binding
Eg:-kubectl create rolebinding aditya-tech-rolebinding --role=aditya-tech -n tech --user=aditya
kubectl -n tech edit role "your role name" => to edit your role and give different permissions to users
Eg:-kubectl -n tech edit role aditya-tech
kubectl get pods --kubeconfig "your kubeconfig file name" -n "your namespace name" => to test the new user's access
Eg:- kubectl get pods --kubeconfig aditya.kubeconfig -n tech
