I am trying to give a user access to Kubernetes using an X.509 client certificate.
I am using (subjectAltName = my_domain.com):
openssl req -new -newkey rsa:4096 -nodes -keyout Bob.key -out Bob.csr -subj "/C=DK/ST=Frb/L=Cph/O=engineering/CN=Bob" -addext "subjectAltName = DNS:my_domain.com"
kube/config:
apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: <..Q0FURS0tLS0tCk..>
    server: https://my_domain.com:<port>
  name: bob
contexts:
- context:
    cluster: bob
    user: Bob
  name: bob
current-context: bob
kind: Config
preferences: {}
users:
- name: Bob
  user:
    client-certificate: /home/cred/Bob.crt
    client-key: /home/cred/Bob.key
Error:
Unable to connect to the server: x509: certificate is valid for control-plane,... not my_domain.com
Do you know how to make this work behind a domain, where the local k8s server IP address is mapped?
As mentioned by Anant Swaraj, the solution is in the linked question. You need to add subjectAltName to the kubeadm-config and restart kube-apiserver.
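The fix described in the answer, written out as an added example that is not part of the original answer: the error is kubectl rejecting the API server's serving certificate, so the name has to be added on the server side (the SAN in Bob's client CSR does not affect it). It assumes a kubeadm-managed control plane with the default /etc/kubernetes paths and the v1beta3 config API; the backup directory is a hypothetical name.

```yaml
# Added example. Run the commented commands as root on a control-plane node.
#
# 1. Dump the cluster configuration kubeadm stored at init time:
#      kubectl -n kube-system get configmap kubeadm-config \
#        -o jsonpath='{.data.ClusterConfiguration}' > kubeadm.yaml
#
# 2. Edit kubeadm.yaml so apiServer.certSANs lists every extra name clients
#    use to reach the API server. kubeadm still adds its default SANs
#    (node name, kubernetes, kubernetes.default, service IP, ...) itself.
apiVersion: kubeadm.k8s.io/v1beta3   # assumption: keep the version found in the dump
kind: ClusterConfiguration
apiServer:
  certSANs:
    - my_domain.com                  # host part of "server:" in the kubeconfig
# Leave every other field from the dump unchanged.
#
# 3. Move the current serving certificate aside. kubeadm does not overwrite
#    existing files, so without this step no new certificate is issued:
#      mkdir -p /root/pki-backup      # hypothetical backup location
#      mv /etc/kubernetes/pki/apiserver.crt /etc/kubernetes/pki/apiserver.key \
#         /root/pki-backup/
#
# 4. Issue a new serving certificate that includes the extra SAN:
#      kubeadm init phase certs apiserver --config kubeadm.yaml
#
# 5. Restart kube-apiserver so it loads the new certificate, for example by
#    moving /etc/kubernetes/manifests/kube-apiserver.yaml out of the
#    manifests directory and back again (it runs as a static pod).
#
# 6. Store the edited configuration so later upgrades keep the SAN:
#      kubeadm init phase upload-config kubeadm --config kubeadm.yaml
#
# 7. Check what the server now presents (same <port> as in the kubeconfig):
#      openssl s_client -connect my_domain.com:<port> </dev/null 2>/dev/null \
#        | openssl x509 -noout -ext subjectAltName
#    The output should list DNS:my_domain.com next to control-plane.
```

On a multi-node control plane, steps 3 to 5 have to be repeated on each control-plane node, since each one has its own apiserver certificate.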