kubernetes: CA file when deploying via kops

I've done it like this in the past:

Download the kops-generated CA certificate and signing key from S3:
- s3://<BUCKET_NAME>/<CLUSTER_NAME>/pki/private/ca/*.key
- s3://<BUCKET_NAME>/<CLUSTER_NAME>/pki/issued/ca/*.crt
Generate a client key: openssl genrsa -out client-key.pem 2048

Generate a CSR:

openssl req -new \  -key client-key.pem \  -out client-csr.pem \  -subj "/CN=<CLIENT_CN>/O=dev"`

Generate a client certificate:

openssl x509 -req \  -in client-csr.pem \  -CA <PATH_TO_DOWNLOADED_CA_CERT> \  -CAkey <PATH_TO_DOWNLOADED_CA_KEY> \  -CAcreateserial \  -out client-crt.pem \  -days 10000

Base64-encode the client key, client certificate, and CA certificate, and populate those values in a config.yml, e.g. this
Distribute the populated config.yml to your developers.

5 and 6 can obviously be distributed by whatever means you want, don't need to make the config.yml for your developers.

CodeHunter

kubernetes: CA file when deploying via kops

Recent Posts

How can I color dots in a xy scatterplot according to column value?

How to update a claim in ASP.NET Identity?

What does {0} mean when initializing an object?

Accessing members of items in a JSONArray with Java

How to log SQL statements in Spring Boot?

Powershell Get-WebSite name parameter is ignored

How to detect scroll to bottom of html element

Java synchronized method

How to test controllers with CodeIgniter?

Detect Visual Composer

Matplotlib: Specify format of floats for tick labels

Rails join a list of strings with commas and "and" before the last