Add support to specify client cert and key files for authentication (kubelet --client-ca-file)

Question

Add support to specify client cert and key files for authentication (kubelet --client-ca-file)

zmedico opened this issue 4 years ago · comments

If the kubelet --client-ca-file option is used to require a client certificate, then kubeletctl needs a way to specify client cert and key files (analogous to curl --cert and --key arguments).

Zac Medico · Answer 1 · Tue May 19 2020 09:41:10 GMT+0800 (China Standard Time)

Acually, I see the support in 4948506, so I'll give that a try. Thank you!

I got it working with a kubeconfig like this:

apiVersion: v1
clusters:
- cluster:
    certificate-authority: /path/to/ca.pem
    server: https://localhost:10250
  name: localhost-cluster
contexts:
- context:
    cluster: localhost-cluster
    user: localhost
  name: localhost-cluster
current-context: localhost-cluster
kind: Config
preferences: {}
users:
- name: localhost
  user:
    client-certificate: /path/to/cert.pem
    client-key: /path/to/key.pem

Eviatar Gerzi · Answer 2 · Tue May 19 2020 14:28:38 GMT+0800 (China Standard Time)

Hey, I am planning also to add certificates without kubeconfig.
I will update once done.

Eviatar Gerzi · Answer 3 · Wed May 20 2020 14:07:14 GMT+0800 (China Standard Time)

I added support also for certificates files, you can use it like that:

kubeletctl.exe pods -s <node_ip> --cacert /etc/kubernetes/pki/ca.crt --cert /var/lib/kubelet/pki/kubelet-client-current.pem --key /var/lib/kubelet/pki/kubelet-client-current.pem