
Docker and Kubernetes for Java Developers by Jaroslaw Krochmalski


Client certificates

To use this scheme, the api-server needs to be started with the following switch:

--client-ca-file=<PATH_TO_CA_CERTIFICATE_FILE>

The CA_CERTIFICATE_FILE must contain one or more certificate authorities that can be used to validate client certificates presented to the api-server. The /CN (common name) of the client certificate is used as the username. Client certificates can also indicate a user's group memberships using the organization fields. To include multiple group memberships for a user, you will need to include multiple organization fields in the certificate. For example, using the openssl command-line tool to generate a certificate signing request:

$ openssl req -new -key user.pem -out user-csr.pem \
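The following is an added example, not code from the book: it builds a throwaway signing request and reads back the common name and organization fields, which is a useful check before a CA signs the request, because those fields become the username and groups the api-server sees. The subject values (jane, app-dev, app-ops) and the function names are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example. The subject values jane, app-dev and app-ops are constructed.

# Create a throwaway RSA key and a CSR with one CN and two O fields.
make_csr() {
  local dir="$1"
  openssl genrsa -out "$dir/user.pem" 2048 2>/dev/null
  openssl req -new -key "$dir/user.pem" -out "$dir/user-csr.pem" \
    -subj "/CN=jane/O=app-dev/O=app-ops"
}

# Print the CSR subject with one attribute per line (long attribute names).
subject_lines() {
  openssl req -in "$1" -noout -subject -nameopt multiline
}

# Common name: the value used as the username (the sample has exactly one).
csr_username() {
  subject_lines "$1" | sed -n 's/^ *commonName *= //p'
}

# Organization fields: one group membership per line.
csr_groups() {
  subject_lines "$1" | sed -n 's/^ *organizationName *= //p'
}

# Exit status 0 if the CSR asks for the given group, non-zero otherwise.
csr_has_group() {
  csr_groups "$1" | grep -Fxq -- "$2"
}

workdir=$(mktemp -d)
make_csr "$workdir"
echo "username: $(csr_username "$workdir/user-csr.pem")"
echo "groups:   $(csr_groups "$workdir/user-csr.pem" | paste -sd, -)"
```

Whoever signs the request vouches for every name in it, so compare the printed groups with what the user is actually entitled to before issuing the certificate.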
