LAB05a: Create a Kubernetes User
LAB: Create a Kubernetes User via CertificateSigningRequest (CSR API)
Lab Goal
Prerequisites
STEP 1 — Generate Key + CSR Locally
STEP 2 — Base64 Encode the CSR
STEP 3 — Create the Kubernetes CSR Manifest
STEP 4 — Apply the CSR to Kubernetes
STEP 5 — Approve the CSR
STEP 6 — Extract the Signed Certificate
STEP 7 — Build a Custom Kubeconfig for John
1. Get cluster name:
2. Extract API server endpoint:
3. Extract CA certificate:
Build kubeconfig:
Set cluster:
Set user:
Set context:
STEP 8 — Test User Authentication (No RBAC Yet)
STEP 9 — Add RBAC Permissions
OPTION A — Namespace-limited read access:
OPTION B — Cluster-wide read access:
OPTION C — Full admin:
STEP 10 — Test RBAC
Check who you are:
Check allowed actions:
Try listing pods:
LAB COMPLETED — You Successfully Created a Kubernetes User via CSR API
Last updated