sigs.k8s.io/cluster-api@v1.7.1/docs/book/src/tasks/certs/generate-kubeconfig.md

## Generating a Kubeconfig with your own CA

1. Create a new Certificate Signing Request (CSR) for the `admin` user with the `system:masters` Kubernetes role, or specify any other role in the `O` field of the subject.

```bash
openssl req -subj "/CN=admin/O=system:masters" -new -newkey rsa:2048 -nodes -keyout admin.key -out admin.csr
```

2. Sign the CSR using the *[cluster-name]-ca* key:

```bash
openssl x509 -req -in admin.csr -CA tls.crt -CAkey tls.key -CAcreateserial -out admin.crt -days 5 -sha256
```

3. Update your kubeconfig with the signed certificate and its key:

```bash
kubectl config set-credentials cluster-admin --client-certificate=admin.crt --client-key=admin.key --embed-certs=true
```
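
A check worth running on the files from steps 1 and 2 before step 3 embeds them in the kubeconfig: it confirms the CA signature, the key pairing, the `CN`/`O` identity and the short lifetime. This is an added example, not part of the Cluster API book; the function name `check_client_cert`, its arguments and the `MAX_DAYS` limit are assumptions.

```bash
#!/usr/bin/env bash
# Added example (hypothetical helper, not Cluster API code).
# Usage: check_client_cert CA_CERT CLIENT_CERT CLIENT_KEY EXPECTED_CN EXPECTED_O MAX_DAYS
#   e.g. check_client_cert tls.crt admin.crt admin.key admin system:masters 5
check_client_cert() {
  local ca="$1" crt="$2" key="$3" cn="$4" org="$5" max_days="$6"
  local subject cert_pub key_pub

  # 1. The certificate must chain to the cluster CA (tls.crt in step 2).
  if ! openssl verify -CAfile "$ca" "$crt" >/dev/null 2>&1; then
    echo "FAIL: $crt is not signed by $ca" >&2; return 1
  fi

  # 2. The private key must belong to the certificate: compare public keys.
  cert_pub="$(openssl x509 -in "$crt" -noout -pubkey)"
  key_pub="$(openssl pkey -in "$key" -pubout 2>/dev/null)"
  if [ -z "$key_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
    echo "FAIL: $key does not match $crt" >&2; return 1
  fi

  # 3. The subject must contain the CN and O that were requested with -subj.
  subject="$(openssl x509 -in "$crt" -noout -subject -nameopt RFC2253)"
  subject="${subject#subject=}"; subject="${subject# }"
  case ",$subject," in *",CN=$cn,"*) ;; *)
    echo "FAIL: CN is not $cn (subject: $subject)" >&2; return 1 ;;
  esac
  case ",$subject," in *",O=$org,"*) ;; *)
    echo "FAIL: O is not $org (subject: $subject)" >&2; return 1 ;;
  esac

  # 4. Valid now, and expiring within MAX_DAYS. -checkend exits 0 when the
  #    certificate is still valid after the given number of seconds.
  if ! openssl x509 -in "$crt" -noout -checkend 0 >/dev/null; then
    echo "FAIL: $crt has already expired" >&2; return 1
  fi
  if openssl x509 -in "$crt" -noout -checkend "$((max_days * 86400))" >/dev/null; then
    echo "FAIL: $crt is valid for more than $max_days days" >&2; return 1
  fi
  echo "OK: $subject"
}
```
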