# Kubernetes ## Creating an admin certificate for k3s Create the admin's private key: ``` openssl genpkey -algorithm ed25519 -out -key.pem ``` Create a CSR for the admin: ``` openssl req -new -key -key.pem -out .csr -subj "/CN=" ``` Create a Kubernetes CSR object on the cluster: ``` k3s kubectl create -f - <-csr spec: request: $(cat .csr | base64 | tr -d '\n') expirationSeconds: 307584000 # 10 years signerName: kubernetes.io/kube-apiserver-client usages: - digital signature - key encipherment - client auth EOF ``` Approve and sign the admin's CSR: ``` k3s kubectl certificate approve -csr ``` Extract the resulting signed certificate from the CSR object: ``` k3s kubectl get csr -csr -o jsonpath='{.status.certificate}' | base64 --decode > .crt ```