Cloud/CKA
[CKA] Mock Test - 사용자 생성 및 롤 바인딩 ( CSR , Rolebinding )
westwith
2024. 6. 25. 22:46
728x90
공식 docs : https://kubernetes.io/docs/reference/access-authn-authz/certificate-signing-requests/
Certificates and Certificate Signing Requests
Kubernetes certificate and trust bundle APIs enable automation of X.509 credential provisioning by providing a programmatic interface for clients of the Kubernetes API to request and obtain X.509 certificates from a Certificate Authority (CA). There is als
kubernetes.io
- 사용자 생성 및 롤바인딩
controlplane ~ ➜ cat /root/CKA/john.csr | base64 | tr -d "\n"
LS0tLS1CRUdJTiBDRVJUSUZJQ0FURSBSRVFVRVNULS0tLS0KTUlJQ1ZEQ0NBVHdDQVFBd0R6RU5NQXNHQTFVRUF3d0VhbTlvYmpDQ0FTSXdEUVlKS29aSWh2Y05BUUVCQlFBRApnZ0VQQURDQ0FRb0NnZ0VCQUl6dUgvNWxZVnJOQnc3R1ZSSm9vNzFWT3pGazJYbW5Kb3lZZkFWU3lqZWZUUmNKCmJ2cUxDWTRNTndBM0tqSlVIVzd3NnpxdDZxSnNyVFE3amJUTHJVVXJmck00dUZUR1FrMlJkNTFxT2xQTnlvbHIKbzVXUCtPdlgvVTVOUnZpSG9aeXVvajd6UWJyOEVZWExBcXZZZFROcjc0alhlVkFnZFBjYkI2T0lYUE1aL3RYMgpVVEZvY2kxUDdqcWNkTloxMGZLY3dER2FpbFp0RzBldlVnTGFjOXNXd2tBYTMvZmk0cVVIVVZid0JuTGQ4Z04xClBZMWZhUVF4eDUrWkdxN0F3YkJtWXBVaDJCN2NNbE1VcTF3SElJdkRmS2p1WWxOZnI2TzZmWVpXRncya213RlEKU3hITy9TL2xHd1BBRVNPd2hCSEFnSEdjTXU2Z0c3c3F2NUdBeitzQ0F3RUFBYUFBTUEwR0NTcUdTSWIzRFFFQgpDd1VBQTRJQkFRQmUrZVlLU2pSNEpvT0JvS08yOFdXUHU4ZnRXYUpFak9DMDhHcWRvQ3N3MVVBeUloL2ZGeXhtCmp6cS9OcFh3blB1STRLV0JucGI4dGV3cGdVTDlOYlJNZUtLNkNwaytGZitmclZkY3k4ZktKdWhQWGxrdnRxK2UKZ1lVdlJJb0NHeGlaWU1lZHNNMy8rU1hwTFlWM0NzMlVudDl4dE91aTcvNWF1Tzh6SnRKQWJMV0hhZUtzaWxkMAptUzQ5WHFsUzNIOHBhVXpQV1dQaXR0UHN1MXhHS3UzZzFCK0padm0xWHkwbGhpTC82UVhCUXBYN0FVZ3VxenVVCndGRGc1S3JQMEhLaFZrWE5GM25WQzJ4dnU2cDdIVHhpRXNFMEkvZjZ0VXcvSXF2MFlzMWVwVEwyNi83dnJ1U1YKQjhldmtqSjFmeXRXNTVBc2dPREcrazdJSm5oWElxK0oKLS0tLS1FTkQgQ0VSVElGSUNBVEUgUkVRVUVTVC0tLS0tCg==
controlplane ~ ➜ vi john-csr.yaml
controlplane ~ ➜ cat john-csr.yaml
<이미지 참고>
controlplane ~ ➜ k apply -f john-csr.yaml
certificatesigningrequest.certificates.k8s.io/john-developer created
controlplane ~ ➜ k certificate approve john-developer
certificatesigningrequest.certificates.k8s.io/john-developer approved
controlplane ~ ➜ k create role developer --verb=create,list,get,update,delete --resource=pods -n development
role.rbac.authorization.k8s.io/developer created
controlplane ~ ➜ k create rolebinding john-developer --role=developer --user=john -n development
rolebinding.rbac.authorization.k8s.io/john-developer created728x90