End-user Kubernetes workflow

To securely access a Kubernetes cluster, do the following:

1. To generate a kubectl kubeconfig file, which defines the user's permissions and accessible clusters, do one of the following:
   • Run this command:

     idsec sia k8s generate-kubeconfig
     

   • Use the -f flag to generate the config file in the specified path (this option overrides existing files with the same name):

     idsec sia k8s generate-kubeconfig -f ~/.kube
     

Refresh SSO certificate workflow

When you refresh the certificate, you can keep using its associated kubeconfig file and only need to refresh the MFA authentication data. To refresh the certificate, run one of the following:

• To generate two files (certificate and private key files), where the required -f flag defines the generated files' location:

  idsec sia sso short-lived-client-certificate -of file -f ~/home
  

• To print the certificate and private key to the console as plaintext:

  idsec sia sso short-lived-client-certificate -of raw
  

• To print the certificate and private key to the console as base64-encoded strings:

  idsec sia sso short-lived-client-certificate -of base64