K8s-pki
Материал из noname.com.ua
Версия от 15:15, 26 октября 2021; Sirmax (обсуждение | вклад)
- https://kubernetes.io/docs/setup/best-practices/certificates/
- https://gist.github.com/detiber/81b515df272f5911959e81e39137a8bb
How certificates are used by your cluster
Kubernetes requires PKI for the following operations:
- Client certificates for the kubelet to authenticate to the API server
- Server certificate for the API server endpoint
- Client certificates for administrators of the cluster to authenticate to the API server
- Client certificates for the API server to talk to the kubelets
- Client certificate for the API server to talk to etcd
- Client certificate/kubeconfig for the controller manager to talk to the API server
- Client certificate/kubeconfig for the scheduler to talk to the API server.
- Client and server certificates for the front-proxy
Note: front-proxy certificates are required only if you run kube-proxy to support an extension API server. etcd also implements mutual TLS to authenticate clients and peers.
