LAB02a: Explore Kubernetes Configuration Files

1. List Kubernetes directory

ls -l /etc/kubernetes

Inspect:

cat /etc/kubernetes/admin.conf
cat /etc/kubernetes/kubelet.conf

Verify Cluster Certificate Details

1. Check API server certificate SANs:

openssl x509 -in /etc/kubernetes/pki/apiserver.crt -text -noout | grep -A2 "X509v3 Subject Alternative Name"

2. Check cluster CA fingerprint:

openssl x509 -in /etc/kubernetes/pki/ca.crt -fingerprint -sha256 -noout

This helps when you need tls-server-name.


Find Existing Users in Cluster

From kubeconfig

Check CSR of nodes:

You will see identities like:


Create a New Kubernetes User with Certificate Authentication

1. Generate key + CSR:

2. Sign CSR with Kubernetes CA:

3. Create kubeconfig for user:


Assign RBAC Permission to New User


Add New Cluster / Modify Cluster

List clusters:

Add a new cluster:


Validate Authentication Flow

Check who you are authenticated as:

Check allowed operations:

Last updated