K8S SSL Certificate Management
Opened this issue · 3 comments
haminhcong commented
- https://github.com/sbueringer/kubecon-slides/blob/master/slides/2017-kubecon-na/Certifik8s:%20All%20You%20Need%20to%20Know%20About%20Certificates%20in%20Kubernetes%20%5BI%5D%20-%20Alexander%20Brand%2C%20Apprenda%20-%20Certifik8s_%20All%20You%20Need%20to%20Know%20About%20Certificates%20in%20Kubernetes.pdf
- http://www.steves-internet-guide.com/ssl-certificates-explained/
- https://www.youtube.com/watch?v=gXz4cq3PKdg&t=887s
- https://kubernetes.io/docs/setup/best-practices/certificates/
- https://kubernetes.io/docs/tasks/tls/managing-tls-in-a-cluster/
- https://kubernetes.io/docs/tasks/administer-cluster/kubeadm/kubeadm-certs/
- kubernetes-sigs/kubespray#5687
--apiserver-cert-extra-sans
- SAN entries
haminhcong commented
Kubelet has these certificates:
- Server certs
- Kube api client certs
- Cluster
Where are these certificates located?
haminhcong commented
Note: kubelet.conf is not included in the list above because kubeadm configures kubelet for automatic certificate renewal.
https://kubernetes.io/docs/tasks/administer-cluster/kubeadm/kubeadm-certs/
haminhcong commented
kubeadm kubelet certificate location: /var/lib/kubelet/pki/
```
ls -al /var/lib/kubelet/pki/
-rw------- 1 root root 1139 kubelet-client-xxxx.pem
lrwxrwxrwx 1 root root 59 kubelet-client-current.pem -> /var/lib/kubelet/pki/kubelet-client-xxxx.pem
-rw-r--r-- 1 root root 2388 kubelet.crt
-rw------- 1 root root 1679 kubelet.key
```