Correct Answer:
See the solution below in Explanation:
Explanation:
Step 1: Ensure the client certificate and private key files are available.
The lab uses audit.crt and tls.key.
Step 2: Run the command:
oc config set-credentials audit --client-certificate audit.crt --client-key tls.key --embed-certs --kubeconfig audit.config Step 3: Confirm the user entry is written.
The lab output shows:
User "audit" set.
Detailed explanation:
This command creates or updates the audit user entry inside the kubeconfig file audit.config. It points the user to a client certificate and private key, and the --embed-certs option stores certificate material directly inside the kubeconfig rather than only referencing external files. That makes the kubeconfig more portable because it can be moved and used without separately copying the certificate files, provided the embedded content is valid. In certificate-based authentication, the private key proves client possession while the certificate presents the approved identity. If the certificate and key do not match, authentication will fail. This step does not yet define what cluster or namespace the user works against; it only defines the credential identity.