ABAC users and tokens #11
Description
Hello,
I read your tutorial Kubernetes-The-Hard-Way-on-BareMetal.md which is complete and very useful, so thank you very much !
I have an issue that I am still struggling with. In authorization section you provide a file "authorization-policy.jsonl" which is here to define some users and their rights if I am not mistaken. Then your provide a file "token.csv" with the exact same users and a token . Based on this I'm able to start my cluster and everything works !
Now I want to be able to type kubectl XXX from my PC. So I did a config file in .kube folder using admin user and chAng3m3 as a token (same info as in the tutorial). Giving CA cert ect... it worked !
This is my question, how can I use client-certificate and client-key instead of token in my kubectl config file ? I've tried to create special certs for this new user "my user", add him in authorization-policy.jsonl with the same rights as the admin but I never succeeded => "kubectl get pods
Error from server (Forbidden): pods is forbidden: User "system:anonymous" cannot list pods in the namespace "default": No policy matched."
Thank you in advance for your help !