README
¶
A lightweight REST service written in Go leveraging the Gin framework that automates the toil of creating Kubernetes x509 certificates for users. KubeCSR is meant to make the entire process super simple and performs the following functions in one swift action:
- Creates an x509 Certificate Request (CSR) and a 2048-bit RSA Private Key
- Generates and submits a Kubernetes CSR leveraging an administrative base64 encoded
Kubeconfigpassed into the request body - Automatically approves the Kubernetes CSR
- Pulls the approved user certificate from the
KubernetesCSR - Extracts details like the cluster, server address, certificate CA, and other info from the administrative
Kubeconfig - Returns a freshly generated base64 encoded user
Kubeconfigthat can be decoded and used to authenticate with the targetKubernetescluster
Basic Example
{
"certificateRequest": {
"user": "timmy"
},
"kubeconfig": "<BASE64_ENCODED_ADMIN_KUBECONFIG>"
}
Full Example wtih Groups
This example will create the
Kubernetesuserlindawho will be part of thedevopsgroup. If usingRBACthenKubernetesroles and rolebindings can then be associated with thedevopsgroup so thatlindawould inherit the permissions from anywhere thatdevopsis assigned.
{
"certificateRequest": {
"country": [
"United States"
],
"locality": [
"Los Angeles"
],
"organization": [
"devops"
],
"organizationUnit": [
"IT"
],
"postalCode": [
"55555"
],
"streetAddress": [
"123 Main St."
],
"user": "linda"
},
"kubeconfig": "<BASE64_ENCODED_ADMIN_KUBECONFIG>"
}
Documentation
¶
There is no documentation for this package.
Source Files
Directories
Click to show internal directories.
Click to hide internal directories.