-
|
The following documentation describes how the rke2.yaml file can be used for "Accessing the Cluster from Outside". https://docs.rke2.io/cluster_access Is it possible to generate a new rke2.yaml in case the file gets compromised? |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment
-
|
Kubernetes does not support certificate revocation (doesn't check CRLs), so no there is no way to "revoke" the client certificate embedded in the admin kubeconfig. The RBAC for the admin user is baked into the apiserver and can't be removed either. Best practice would be to use something like Rancher to give your users individual access to the clusters, with RBAC and user identities that can be removed when access is to be terminated. |
Beta Was this translation helpful? Give feedback.
Kubernetes does not support certificate revocation (doesn't check CRLs), so no there is no way to "revoke" the client certificate embedded in the admin kubeconfig. The RBAC for the admin user is baked into the apiserver and can't be removed either.
Best practice would be to use something like Rancher to give your users individual access to the clusters, with RBAC and user identities that can be removed when access is to be terminated.