AWS EKS RBAC - Certificate based Auth

7/5/2019

I have an EKS cluster, and I would like to perform certificate-based authentication for the kubectl client.

I have generated a CSR with:

openssl req -new -key developers.key -out developers.csr -subj "/CN=developers/O=company"

I uploaded the CSR according to this link and approved the certificate with:

kubectl certificate approve <certificate>

I downloaded the <certificate>.crt file and used it in the kubeconfig file as:

apiVersion: v1
kind: Config
preferences: {}

clusters:
  - cluster:
      certificate-authority-data: <base64-CA>
      server: <cluster-endpoint>
    name: <cluster-name>

contexts:
  - context:
      cluster: <context-name>
      namespace: <namespace>
      user: developers
    name: developer-context

current-context: developer-context

users:
  - name: developers
    user:
      # token: <token>
      client-certificate-data: <base64 of Kubernetes signed certificate>
      client-key-data: <base64 of developers.key>

Please bear with the indentations here. That's not the real issue.

But I'm still not able to authenticate to the cluster; it says:

the server doesn't have a resource type "pods"

OR

You must login to the cluster first.

Any idea what I'm missing here?

-- Janshair Khan
aws-eks
kubectl
kubernetes
ssl
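
A pre-flight check for the steps in the question, as an added example that is not part of the original post: it confirms that a signed certificate belongs to developers.key, prints the subject the API server will see, and produces unwrapped base64 for the kubeconfig `*-data` fields. A throwaway local CA (constructed here; the file names ca.key and ca.crt and all function names are assumptions) stands in for the cluster's signer so the script runs offline.

```shell
#!/usr/bin/env bash
# Added example: offline sanity checks for a client key, CSR and signed certificate.
set -eu

# SHA-256 of the public key in a private key, CSR or certificate (PEM files).
pubkey_hash() {  # $1 = key|csr|crt, $2 = file
  case "$1" in
    key) openssl pkey -in "$2" -pubout ;;
    csr) openssl req -in "$2" -noout -pubkey ;;
    crt) openssl x509 -in "$2" -noout -pubkey ;;
  esac | openssl dgst -sha256 | awk '{print $NF}'
}

# True only if the certificate was issued for this private key.
cert_matches_key() { [ "$(pubkey_hash crt "$1")" = "$(pubkey_hash key "$2")" ]; }

# Certificate subject; Kubernetes reads CN as the user name and O as a group.
cert_subject() {
  openssl x509 -in "$1" -noout -subject -nameopt RFC2253 | sed 's/^subject= *//'
}

# Unwrapped base64 of a PEM file, for client-certificate-data / client-key-data.
kubeconfig_b64() { openssl base64 -A -in "$1"; }

# Constructed test material: a throwaway CA (ca.key, ca.crt are assumed names)
# signs the CSR locally in place of the cluster's signer.
make_demo() {  # $1 = empty working directory
  ( cd "$1"
    openssl genrsa -out developers.key 2048
    openssl req -new -key developers.key -out developers.csr \
      -subj "/CN=developers/O=company"
    openssl req -x509 -newkey rsa:2048 -nodes -keyout ca.key -out ca.crt \
      -subj "/CN=demo-ca" -days 1
    openssl x509 -req -in developers.csr -CA ca.crt -CAkey ca.key \
      -CAcreateserial -out developers.crt -days 1
  ) >/dev/null 2>&1
}

demo_dir=$(mktemp -d)
make_demo "$demo_dir"
cert_matches_key "$demo_dir/developers.crt" "$demo_dir/developers.key" \
  && echo "certificate matches developers.key"
echo "subject: $(cert_subject "$demo_dir/developers.crt")"
echo "client-certificate-data: $(kubeconfig_b64 "$demo_dir/developers.crt" | wc -c) base64 characters"
```

Against real files, call `cert_matches_key` and `cert_subject` on the downloaded .crt and developers.key before pasting the `kubeconfig_b64` output into the kubeconfig.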

0 Answers