https://github.com/moabukar/CKS-Exercises-Certified-Kubernetes-Security-Specialist/tree/main
https://github.com/mikonoid/CKS-exam-cheat-sheets/tree/main
Command to display certificate details:
➜ openssl x509 -in apiserver.crt -text -noout | grep CA
ETCD:
➜ openssl x509 -in /etc/kubernetes/pki/etcd/server.crt -text | grep CN
Issuer: CN = etcd-ca
Subject: CN = controlplane
Expiration date:
➜ openssl x509 -in /etc/kubernetes/pki/apiserver.crt -text | grep -i Before
**Not Before: Jul 4 09:23:47 2025 GMT**
➜ openssl x509 -in /etc/kubernetes/pki/apiserver.crt -text | grep -i after
**Not After : Jul 4 09:28:47 2026 GMT**
Create a CSR:
```
cat akshay.csr | base64 -w 0
```
Finally, save the YAML below in a file and create a CSR named akshay as follows:
```
---
apiVersion: certificates.k8s.io/v1
kind: CertificateSigningRequest
metadata:
  name: akshay
spec:
  groups:
  - system:authenticated
  request: <Paste the base64 encoded value of the CSR file>
  signerName: kubernetes.io/kube-apiserver-client
  usages:
  - client auth
```
Apply the configuration:
kubectl apply -f akshay-csr.yaml
Then:
kubectl certificate approve akshay
OR
kubectl certificate deny agent-smith
OR
kubectl delete csr agent-smith
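The CSR steps above, scripted as an added example (not part of the original notes): the function base64-encodes a PEM CSR file and prints the manifest, refusing input that is not a certificate request. The function name `render_csr_manifest` is an assumption made for this example.

```bash
#!/usr/bin/env bash
# Added example: build the CertificateSigningRequest manifest from a PEM CSR
# file instead of pasting the base64 value by hand.
# render_csr_manifest is a hypothetical helper name, not a kubectl feature.

# Usage: render_csr_manifest NAME CSR_FILE | kubectl apply -f -
# Prints the manifest on stdout; returns non-zero on bad input.
render_csr_manifest() {
  local LC_ALL=C
  local name="$1" csr_file="$2" encoded

  # Object names are lowercase alphanumerics, '-' and '.', and must start
  # and end with an alphanumeric character.
  case "$name" in
    ""|*[!a-z0-9.-]*|-*|*-|.*|*.)
      echo "invalid CSR name: $name" >&2
      return 1 ;;
  esac

  # Refuse private keys, issued certificates or missing files: only a PEM
  # "CERTIFICATE REQUEST" block belongs in spec.request.
  if ! grep -q -- '-----BEGIN CERTIFICATE REQUEST-----' "$csr_file" 2>/dev/null; then
    echo "$csr_file is not a PEM certificate request" >&2
    return 1
  fi

  # Equivalent to `base64 -w 0`, also works where -w is not supported.
  encoded=$(base64 < "$csr_file" | tr -d '\n')

  cat <<EOF
---
apiVersion: certificates.k8s.io/v1
kind: CertificateSigningRequest
metadata:
  name: ${name}
spec:
  groups:
  - system:authenticated
  request: ${encoded}
  signerName: kubernetes.io/kube-apiserver-client
  usages:
  - client auth
EOF
}
```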
**Create secret with token:**
```
apiVersion: v1
kind: ServiceAccount
metadata:
  name: my-service-account
  namespace: default
secrets:
- name: my-service-account-token
---
apiVersion: v1
kind: Secret
metadata:
  name: my-service-account-token
  namespace: default
  annotations:
    kubernetes.io/service-account.name: "my-service-account"
type: kubernetes.io/service-account-token
```