You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: README.md
+8-7
Original file line number
Diff line number
Diff line change
@@ -2,14 +2,15 @@
2
2
3
3
This is just a small program that can be used to create and approve a Client Signing Request in a Kubernetes cluster and then create a new kubeconfig based on that approved certificate.
4
4
5
-
The code is heavily based on [this article](https://medium.com/@elfakharany/automate-kubernetes-user-creation-using-the-native-go-client-e2d20dcdc9de) with some modifications for new CSR API versions and things I needed for this example.
5
+
The code is heavily based on [this article](https://medium.com/@elfakharany/automate-kubernetes-user-creation-using-the-native-go-client-e2d20dcdc9de) with some modifications for new CSR API versions and things I needed for this example. Setting `expirationSeconds` will add that to the CSR. Kubernetes servers tend to have upper limits for how long they'll issue a certificate for (although these times vary wildly), and generally `600` is the lower bound for what you can set.
6
6
7
-
It works based on the current context in a provided Kubeconfig file. If no file is provided then $HOME/.kube/config is used.
7
+
It connects to a cluster based on the current context in a provided Kubeconfig file. If no file is provided then $HOME/.kube/config is used.
8
8
9
-
There are three command line parameters
9
+
There are five command line parameters :-
10
10
11
-
*`--username` - The username for the certificate. This one is mandatory.
12
-
*`--group` - The group for the certificate. Defaults to none.
13
-
*`--kubeconfig` - The kubeconfig to use to connect to the cluster.
11
+
*`--username` - The username for the certificate. (MANDATORY)
12
+
*`--group` - The group for the certificate. Defaults to none. (OPTIONAL)
13
+
*`--kubeconfig` - The kubeconfig to use to connect to the cluster. Default is `$HOME/.kube/config` (OPTIONAL)
14
+
*`--output-file` - Filename for the output kubeconfig file. Default is [username].config (OPTIONAL)
15
+
*`--expirationSeconds` - Number of seconds for the certificate to be valid. If not specified this will take the server's default setting. (OPTIONAL)
14
16
15
-
The Kubeconfig file will have the filename of the user provided.
0 commit comments