search

cyberark / kubeletctl

A client for kubelet
Apache License 2.0
713 stars 81 forks source link

Add support to specify client cert and key files for authentication (kubelet --client-ca-file) #2

Closed zmedico closed 4 years ago

zmedico commented 4 years ago

If the kubelet --client-ca-file option is used to require a client certificate, then kubeletctl needs a way to specify client cert and key files (analogous to curl --cert and --key arguments).

zmedico commented 4 years ago

Acually, I see the support in 4948506b92a0337fe37405ecef64f1bdf6b9cc9f, so I'll give that a try. Thank you!

I got it working with a kubeconfig like this:

apiVersion: v1
clusters:
- cluster:
    certificate-authority: /path/to/ca.pem
    server: https://localhost:10250
  name: localhost-cluster
contexts:
- context:
    cluster: localhost-cluster
    user: localhost
  name: localhost-cluster
current-context: localhost-cluster
kind: Config
preferences: {}
users:
- name: localhost
  user:
    client-certificate: /path/to/cert.pem
    client-key: /path/to/key.pem
g3rzi commented 4 years ago

Hey, I am planning also to add certificates without kubeconfig. I will update once done.

g3rzi commented 4 years ago

I added support also for certificates files, you can use it like that:

kubeletctl.exe pods -s <node_ip> --cacert /etc/kubernetes/pki/ca.crt --cert /var/lib/kubelet/pki/kubelet-client-current.pem --key /var/lib/kubelet/pki/kubelet-client-current.pem