k8s 10: Secure kubectl communication

In the next few posts, we will secure the communication between each service, one by one. In this first post, we will secure the communication between your local machine and the API server (in my case in GCP), which goes across the internet and is considered to be the most vulnerable part of our cluster at this moment. After completing this post, the cluster communication will look something like below.

Place certificate in directory

1. Move certificates/keys to the relevant directory

In the previous post, I generated all the certs under /root/cert; let's move them to the appropriate directory.

[ controller-1 ]

Modify API server with certificate

1. Modify service file

Modify the system service file so that the API server starts with the appropriate keys.

[ controller-1 ]

Modify kubectl

1. Generate kubeconfig file

[ controller-1 ]

Once kubeconfig is generated, you need to copy it to your local machine.

2. Confirm that the config works

[ Local Machine ]
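One way to check the copied kubeconfig on the local machine before relying on it, as an added example that is not from the original post: `check_kubeconfig` is a hypothetical helper name, and the checks read the standard kubeconfig fields (`server`, `certificate-authority`, `client-certificate`, `client-key`, `insecure-skip-tls-verify`) as plain text.

```shell
#!/bin/sh
# Added example, not from the original post. check_kubeconfig is a
# hypothetical helper: it prints each finding and returns the number of
# problems found (0 means the file passed every check).
check_kubeconfig() {
    cfg=$1
    problems=0
    [ -r "$cfg" ] || { echo "FAIL: cannot read $cfg"; return 1; }

    flag() { echo "FAIL: $1"; problems=$((problems + 1)); }
    has() { grep -Eq "^[[:space:]-]*$1:[[:space:]]*[^[:space:]]" "$cfg"; }

    # 1. Every API server endpoint must be https://, or nothing is encrypted.
    servers=$(grep -E '^[[:space:]-]*server:' "$cfg" || true)
    if [ -z "$servers" ] ||
       printf '%s\n' "$servers" | grep -Eqv 'server:[[:space:]]*https://'; then
        flag "missing or non-https 'server:' entry"
    fi

    # 2. Skipping verification accepts any certificate, including an
    #    interceptor's, so the CA configured below would never be consulted.
    if grep -Eq '^[[:space:]-]*insecure-skip-tls-verify:[[:space:]]*true' "$cfg"; then
        flag "insecure-skip-tls-verify is true"
    fi

    # 3. A CA (file path or embedded data) is needed to verify the API server.
    has 'certificate-authority(-data)?' || flag "no certificate-authority set"

    # 4. Client certificate and key are what authenticate kubectl to the server.
    { has 'client-certificate(-data)?' && has 'client-key(-data)?'; } ||
        flag "no client certificate/key pair set"

    # 5. The file may embed the private key: no group/other permission bits.
    [ "$(ls -ld "$cfg" | cut -c5-10)" = "------" ] ||
        flag "kubeconfig is accessible to group/other (chmod 600)"

    [ "$problems" -eq 0 ] && echo "OK: $cfg"
    return "$problems"
}

# Stand-alone use: sh check_kubeconfig.sh ~/.kube/config
if [ "$#" -gt 0 ]; then check_kubeconfig "$1"; fi
```

The checks are static only; they do not contact the API server, so they complement rather than replace the connectivity test in this step.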