EV SSL Certificate in Kubernetes

4/13/2018

I want to provision an EV SSL certificate for a service that I want to run on Kubernetes.

The certificate authority that I want to use requires me to generate a Certificate Signing Request (CSR) on the server where the certificate will be installed.

How do I do this for a service that I want to deploy on Kubernetes?

-- Janny K.
google-cloud-platform
google-kubernetes-engine
kubernetes

2 Answers

4/16/2018

The request that you will have to issue is exactly the same as if your application was not running on Kubernetes.

You are simply installing the certificate on a server running on Kubernetes and not on premises or on a Compute Engine instance, but you proceed as always. You can check the official Kubernetes documentation regarding SSL.

You can also check kube-lego: kube-lego automatically requests certificates for Kubernetes Ingress resources from Let's Encrypt, and it is recommended in the Google Cloud documentation as well.

Also check this SO question, which contains a LOT of useful information.

-- GalloCedrone
Source: StackOverflow

4/13/2018

CSRs are not specific to servers in any way. A CSR contains data which can be specified on any old server, and assuming you install the cert generated correctly and keep hold of the private key, you can move them around and install them to your heart's content.

You just need to make sure you keep hold of the private key which is generated when you create the CSR.

A super super simple example of doing this with the OpenSSL command:

openssl req -new -newkey rsa:2048 -nodes -keyout server.key -out server.csr

-- jaxxstorm
Source: StackOverflow
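
The workflow from the answers above, as an added example that is not part of the original posts: generate the key and CSR on any trusted machine, then confirm the CA-issued certificate matches the private key before loading both into a Kubernetes TLS secret. File names, the subject DN and the secret name are constructed placeholders; the function names are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: paths, subject DN and secret name are constructed placeholders.

# Print the PEM public key embedded in a private key, CSR or certificate.
pubkey_of() {  # $1 = key|csr|crt, $2 = file
  case "$1" in
    key) openssl pkey -in "$2" -pubout ;;
    csr) openssl req  -in "$2" -noout -pubkey ;;
    crt) openssl x509 -in "$2" -noout -pubkey ;;
    *)   echo "unknown type: $1" >&2; return 2 ;;
  esac
}

# Succeed only if the CSR or certificate carries the public key of the given private key.
same_key() {  # $1 = csr|crt, $2 = file, $3 = private key
  a=$(pubkey_of "$1" "$2" 2>/dev/null) || return 1
  b=$(pubkey_of key "$3" 2>/dev/null) || return 1
  [ -n "$a" ] && [ "$a" = "$b" ]
}

# Create server.key and server.csr in a directory; the key never has to leave it.
make_csr() {  # $1 = output dir, $2 = subject DN
  ( umask 077   # private key readable by its owner only
    openssl req -new -newkey rsa:2048 -nodes -subj "$2" \
      -keyout "$1/server.key" -out "$1/server.csr" 2>/dev/null ) &&
  same_key csr "$1/server.csr" "$1/server.key"
}

# Refuse to create the secret when the issued certificate and the key do not pair up.
install_tls_secret() {  # $1 = secret name, $2 = CA-issued cert (PEM), $3 = private key
  same_key crt "$2" "$3" || { echo "certificate does not match key" >&2; return 1; }
  kubectl create secret tls "$1" --cert="$2" --key="$3"
}

# Usage (constructed values):
#   make_csr . "/C=US/O=Example Corp/CN=service.example.com"
#   ...submit server.csr to the CA, save the issued certificate as server.crt...
#   install_tls_secret my-service-tls server.crt server.key
```

The resulting secret can then be referenced from an Ingress or mounted into the pod that terminates TLS.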