For all account you first need to copy the existing kube config. It looks like this
apiVersion: v1
clusters:
- cluster:
certificate-authority: <server certificate>
server: <server>:<port>
name: <cluster name>
contexts:
- context:
cluster: <cluster name>
user: <user>
name: <context name>
current-context: <context name>
kind: Config
preferences: {}
users:
- name: <user>
user:
client-certificate: <path to user certificate>
client-key: <path to user private key>- <server certificate>
- path to the server certificate you downloaded
- <server>
- IP or FQDN
- <port>
- port number
- <cluster name>
- must match the kubernetes cluster name
- <user>
- admin username
Existing Admin Account #
This creates a real admin identity using certificates (not a ServiceAccount token).
Step 1 – Create a private key #
openssl genpkey --algorithm RSA --pkeyopt rsa_keygen_bits:4096 --out server.keyStep 2 – Create a CSR (Certificate Signing Request) #
openssl req --new --key admin-user.key --out admin-user.csr --subj "/CN=admin-user/O=system:masters"