K8s-pki: различия между версиями
Материал из noname.com.ua
Перейти к навигацииПерейти к поискуSirmax (обсуждение | вклад) |
Sirmax (обсуждение | вклад) |
||
Строка 1: | Строка 1: | ||
* https://kubernetes.io/docs/setup/best-practices/certificates/ |
* https://kubernetes.io/docs/setup/best-practices/certificates/ |
||
+ | * https://gist.github.com/detiber/81b515df272f5911959e81e39137a8bb |
||
Версия 14:15, 26 октября 2021
- https://kubernetes.io/docs/setup/best-practices/certificates/
- https://gist.github.com/detiber/81b515df272f5911959e81e39137a8bb
How certificates are used by your cluster
Kubernetes requires PKI for the following operations:
- Client certificates for the kubelet to authenticate to the API server
- Server certificate for the API server endpoint
- Client certificates for administrators of the cluster to authenticate to the API server
- Client certificates for the API server to talk to the kubelets
- Client certificate for the API server to talk to etcd
- Client certificate/kubeconfig for the controller manager to talk to the API server
- Client certificate/kubeconfig for the scheduler to talk to the API server.
- Client and server certificates for the front-proxy
Note: front-proxy certificates are required only if you run kube-proxy to support an extension API server. etcd also implements mutual TLS to authenticate clients and peers.