Use this guide if you set up your cluster using RKE and would like to create more accounts that can access the cluster via the CLI.
This guide is a specialized form of Setup remote Access using x509 Certs.
Simply copy new-user.sh into your rancher directory, that is, the directory where you ran rke up. Typically this directory contains the following structure:
├── cluster.rkestate
├── cluster.yml
The cluster.rkestate file contains the cluster configuration, including the Root CA, which we need.
First you need to install jq. This is used for the certificate extraction.
# Linux (Ubuntu)
sudo apt-get install jq
# MacOS
brew install jq
# Windows
choco install jq
Simply run the script
./new-user.sh <username>
The script will do the following
- Create new Public/Private Key pair for the User ("username")
- Extract the Kubernetes Certificates
- Sign the User's credential with the cluster Credentials
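The three steps listed above, written out with openssl and jq as an added example; this is not the original new-user.sh. The jq path to the CA inside cluster.rkestate, the 365-day validity and the function names are assumptions, and the output file names follow the accounts/<username> layout used later in this guide.

```sh
#!/bin/sh
# Added example, not the original new-user.sh.
# ASSUMPTION: cluster.rkestate holds the cluster CA at this jq path, in
# certificatePEM and keyPEM fields. Inspect your own state file to confirm.
CA_PATH='.desiredState.certificatesBundle["kube-ca"]'

# issue_user_cert <rkestate> <username> <outdir>
# Writes user.key, user.csr and user.crt into <outdir>.
issue_user_cert() (
  state=$1 user=$2 out=$3
  umask 077                        # new key material is owner-only
  ca_dir=$(mktemp -d) || exit 1    # scratch copy of the CA, removed below
  rc=0
  # 1. key pair + CSR (Kubernetes reads the user name from the CN)
  # 2. extract the CA certificate and key from the state file
  # 3. sign the CSR with the cluster CA (365 days is an example value)
  mkdir -p "$out" &&
    openssl genrsa -out "$out/user.key" 2048 2>/dev/null &&
    openssl req -new -key "$out/user.key" -subj "/CN=$user" \
      -out "$out/user.csr" &&
    jq -er "$CA_PATH.certificatePEM" "$state" > "$ca_dir/ca.crt" &&
    jq -er "$CA_PATH.keyPEM" "$state" > "$ca_dir/ca.key" &&
    openssl x509 -req -in "$out/user.csr" -days 365 \
      -CA "$ca_dir/ca.crt" -CAkey "$ca_dir/ca.key" -CAcreateserial \
      -out "$out/user.crt" 2>/dev/null || rc=$?
  rm -rf "$ca_dir"                 # never leave the CA key behind
  exit "$rc"
)

# cert_issued_by_cluster_ca <rkestate> <user.crt>
# Succeeds only if the certificate chains to the CA in the state file.
cert_issued_by_cluster_ca() (
  ca=$(mktemp) || exit 1
  rc=0
  jq -er "$CA_PATH.certificatePEM" "$1" > "$ca" &&
    openssl verify -CAfile "$ca" "$2" >/dev/null 2>&1 || rc=$?
  rm -f "$ca"
  exit "$rc"
)
```

Kubernetes has no way to revoke an individual client certificate, so pick the validity period with that in mind and grant the new user only the RBAC permissions they need.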
By default the script stores the credentials in a kube.config file. You can either use it directly or graft it into your existing config at ~/.kube/config.
If you want to update your kube config directly, set the $cluster and $username variables and execute the following:
# Setup Variables
cluster="<clustername>"
username="<username>"
user_path="./accounts/$username"
# Add Credentials to kube config
kubectl config set-credentials "$username" --client-certificate="$user_path/user.crt" --client-key="$user_path/user.key" --embed-certs
# Setup local Context to kube config
kubectl config set-context "$username-context" --cluster="$cluster" --namespace=default --user="$username"