How do I enable certificate based authentication when creating a cluster with kops?

1
votes

I am creating Kubernetes clusters on AWS with the help of the kops tool. I would like to require authentication with client certificates in order to connect to the cluster API, how can I enable this when creating a cluster with kops create cluster?.

My cluster creation command looks as follows, I would like to know how to modify it in order to enable client certificate authentication:

kops --state s3://example.com create cluster \
--zones eu-central-1a,eu-central-1b,eu-central-1c \
--master-zones eu-central-1a,eu-central-1b,eu-central-1c \
--topology private --networking flannel --master-size m4.large \
--node-size m4.large --node-count 2 --bastion --cloud aws \
--ssh-public-key id_rsa.pub --yes example.com
1
authenticationssl-certificatekuberneteskops

1 Answers

0
votes

Certificate based authentication is enabled by default in the Kubernetes API, the kubectl tool typically uses a certificate from its configuration file in order to authenticate the user. In order to create certificates to authenticate individual users, you need to get hold of the certificate authority key and certificate files belonging to the cluster, and sign new certificates with them.