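AWS EKS RBAC - certificate-based authentication

Date: 2019-07-05 13:05:52

Tags: ssl kubernetes kubectl aws-eks

I have an EKS cluster, and I want to set up certificate-based authentication for the kubectl client.

I generated a CSR with: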

openssl req -new -key developers.key -out developers.csr -subj "/CN=developers/O=company"

I uploaded the CSR as described in this link and approved the certificate with:

kubectl certificate approve <certificate>

I downloaded the <certificate>.crt file and used it in the kubeconfig file as:

apiVersion: v1
kind: Config
preferences: {}

clusters:
  - cluster:
      certificate-authority-data: <base64-CA>
      server: <cluster-endpoint>
    name: <cluster-name>

contexts:
  - context:
      cluster: <context-name>
      namespace: <namespace>
      user: developers
    name: developer-context

current-context: developer-context

users:
  - name: developers
    user:
      # token: <token>
      client-certificate-data: <base64 of Kubernetes signed certificate>
      client-key-data: <base64 of developers.key>

Please bear with the indentation here. That is not the real problem.

However, I still cannot authenticate to the cluster:

the server doesn't have a resource type "pods"

OR

You must login to the cluster first.

Any idea what I am missing here?

0 answers:

No answers
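
One way to sanity-check the signed certificate before it goes into the kubeconfig, as an added example that is not part of the original question. The function names and the file names `developers.crt` and `ca.crt` are assumptions; only `developers.key` and the subject `/CN=developers/O=company` come from the post.

```shell
#!/bin/sh
# Added example (not from the original post): pre-flight checks on a client
# certificate before it is base64-encoded into kubeconfig. Needs the openssl CLI.

# True if the certificate's public key is the one derived from the private key.
cert_matches_key() {   # $1 = certificate (PEM), $2 = private key (PEM)
  cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
  key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
  [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# True if the subject carries the expected CN and O. Kubernetes x509 client
# authentication takes the user name from CN and the groups from O, so these
# are the names that RBAC bindings have to reference.
cert_identity_is() {   # $1 = certificate, $2 = expected CN, $3 = expected O
  subj=$(openssl x509 -in "$1" -noout -subject -nameopt RFC2253 2>/dev/null) || return 1
  case "${subj#subject=}," in *"CN=$2,"*) ;; *) return 1 ;; esac
  case "${subj#subject=}," in *"O=$3,"*) ;; *) return 1 ;; esac
}

# True if the certificate verifies against the given CA and is within its
# validity period. Assumption: $1 is the CA the API server trusts for client
# certificates; which CA that is depends on the cluster.
cert_signed_by() {     # $1 = CA certificate (PEM), $2 = client certificate (PEM)
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Run all three checks, print one line per result, return non-zero on any failure.
preflight() {          # $1 = cert, $2 = key, $3 = CA, $4 = CN, $5 = O
  rc=0
  if cert_matches_key "$1" "$2"; then echo "key: ok"; else echo "key: MISMATCH"; rc=1; fi
  if cert_identity_is "$1" "$4" "$5"; then echo "subject: ok"; else echo "subject: UNEXPECTED"; rc=1; fi
  if cert_signed_by "$3" "$1"; then echo "issuer: ok"; else echo "issuer: NOT VERIFIED"; rc=1; fi
  return $rc
}

# Usage with the names from the question (ca.crt and developers.crt are assumed):
#   preflight developers.crt developers.key ca.crt developers company
```

The kubeconfig `*-data` fields hold the base64 encoding of these same PEM files, so decode them to files first when checking an existing kubeconfig.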