Authenticating to the Kubernetes API with Client Certificates

The Kubernetes API supports optional client certificate authentication. To make use of it, you must:

Ensure that kube-apiserver has client certificate authentication enabled,
Generate a private key and request a client certificate using the Kubernetes API.
Configure your client to use the private key and certificate for authentication.

Before you begin, read about the mechanisms for requesting certificates.

Configuring client certificate authentication on kube-apiserver

TODO: List flags

Requesting a client certificate.

Last modified February 27, 2025 at 4:10 PM PST: Refactor Certificates Documentation (8ba16fc3e5)

Edit this page Create child page Create an issue Print entire section