Provisioning Kubernetes User Certificates and RBAC Permissions with CFSSL
Store the cluster CA materials in a working directory:
mkdir -p /root/pki/
cp /opt/kubernetes/ssl/ca-key.pem /root/pki/
cp /opt/kubernetes/ssl/ca.pem /root/pki/
cp /root/k8s/cert/k8s/ca-config.json /root/pki/
The ca-config.json profile defines permitted key usages and an expiration window:
{
"signing": {
"default" ...
Posted on Mon, 18 May 2026 08:40:12 +0000 by englishtom
Understanding Role-Based Access Control in Kubernetes
Overview
All API objects in Kubernetes are persisted in etcd, but every operation on these objects must go through the kube-apiserver. The API server acts as the gatekeeper for authorization, and Kubernetes uses RBAC (Role-Based Access Control) as its authorization mechanism.
Core RBAC Concepts
Three fundamental concepts form the foundation of ...
Posted on Wed, 13 May 2026 18:47:14 +0000 by CountryGirl