How do I enable certificate based authentication when creating a cluster with kops?

6/28/2017

I am creating Kubernetes clusters on AWS with the help of the kops tool. I would like to require authentication with client certificates in order to connect to the cluster API. How can I enable this when creating a cluster with kops create cluster?

My cluster creation command looks as follows; I would like to know how to modify it in order to enable client certificate authentication:

kops --state s3://example.com create cluster \
--zones eu-central-1a,eu-central-1b,eu-central-1c \
--master-zones eu-central-1a,eu-central-1b,eu-central-1c \
--topology private --networking flannel --master-size m4.large \
--node-size m4.large --node-count 2 --bastion --cloud aws \
--ssh-public-key id_rsa.pub --yes example.com
-- aknuds1
authentication
kops
kubernetes
ssl-certificate

1 Answer

7/6/2017

Certificate-based authentication is enabled by default in the Kubernetes API; the kubectl tool typically uses a certificate from its configuration file in order to authenticate the user. In order to create certificates to authenticate individual users, you need to get hold of the certificate authority key and certificate files belonging to the cluster, and sign new certificates with them.

-- aknuds1
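The signing step described in the answer, as an added example that is not part of the original post: a per-user key and CSR are created, signed with the CA, and verified as a client certificate. The file names, the user `alice`, the group `developers` and the throwaway demo CA are assumptions; in practice the first two arguments are the cluster's own CA certificate and key.

```shell
#!/bin/sh
# Added example (not from the original post). Names and paths are assumptions.

# make_demo_ca DIR: throwaway CA, a constructed stand-in for the cluster CA.
make_demo_ca() {
    mkdir -p "$1" &&
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=demo-cluster-ca" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

# issue_client_cert CA_CRT CA_KEY USER GROUP OUT_DIR [DAYS]
issue_client_cert() {
    ca_crt=$1 ca_key=$2 user=$3 group=$4 out=$5 days=${6:-30}
    mkdir -p "$out" || return 1
    # The private key is generated with owner-only permissions.
    ( umask 077; openssl genrsa -out "$out/$user.key" 2048 2>/dev/null ) || return 1
    # The API server takes the user name from CN and group membership from O.
    openssl req -new -key "$out/$user.key" -subj "/O=$group/CN=$user" \
        -out "$out/$user.csr" || return 1
    # Restrict the certificate to TLS client authentication; it is not a CA.
    printf '%s\n' 'basicConstraints=CA:FALSE' \
        'keyUsage=critical,digitalSignature,keyEncipherment' \
        'extendedKeyUsage=clientAuth' > "$out/$user.ext"
    # Short validity by default: the expiry date is what bounds a lost key.
    openssl x509 -req -in "$out/$user.csr" -CA "$ca_crt" -CAkey "$ca_key" \
        -CAserial "$out/ca.srl" -CAcreateserial -days "$days" -sha256 \
        -extfile "$out/$user.ext" -out "$out/$user.crt" 2>/dev/null || return 1
    # Confirm the result chains to the CA and is usable as a client certificate.
    openssl verify -purpose sslclient -CAfile "$ca_crt" "$out/$user.crt" >/dev/null
}

# cert_identity CRT: print the subject the API server would map to user/groups.
cert_identity() {
    openssl x509 -in "$1" -noout -subject -nameopt RFC2253
}

# Demo run against the throwaway CA.
tmp=$(mktemp -d) && make_demo_ca "$tmp/ca" &&
    issue_client_cert "$tmp/ca/ca.crt" "$tmp/ca/ca.key" alice developers "$tmp/out" &&
    cert_identity "$tmp/out/alice.crt"
rm -rf "$tmp"
```

The resulting `alice.crt` and `alice.key` can be added to a kubeconfig with `kubectl config set-credentials alice --client-certificate=alice.crt --client-key=alice.key`. The certificate only establishes identity; what `alice` or the `developers` group may do is decided separately by the cluster's authorization configuration.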
Source: StackOverflow