mirrors/kubernetes-the-hard-way
1
0
Fork 0
mirror of https://github.com/kelseyhightower/kubernetes-the-hard-way.git synced 2025-11-04 10:12:35 +03:00
Code Issues Projects Releases Wiki Activity

update docs

Browse Source
This commit is contained in:
Kelsey Hightower
2016-07-07 07:52:54 -07:00
parent 5e5f0895c0
commit 15e824c1af
1 changed files with 10 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
docs/certificate-authority.md
View File

@@ -1,12 +1,20 @@
# Certificate Authority # Setting up a Certificate Authority and TLS Cert Generation
In this lab you will setup the necessary PKI infrastructure to secure the Kuberentes components. This lab will leverage CloudFlare's PKI toolkit, [cfssl](https://github.com/cloudflare/cfssl), to bootstrap a Certificate Authority and generate TLS certificates. In this lab you will setup the necessary PKI infrastructure to secure the Kuberentes components. This lab will leverage CloudFlare's PKI toolkit, [cfssl](https://github.com/cloudflare/cfssl), to bootstrap a Certificate Authority and generate TLS certificates.
This lab will setup a Certificate Authority and generated a single set of TLS certificates that can be used to secure the following Kubernetes components:
* etcd
* Kubernetes API Server
* Kubernetes Kubelet
In production you should strongly consider generating individual TLS certificates for each component.
## Install CFSSL ## Install CFSSL
Follow the [CFSSL installation guide](https://github.com/cloudflare/cfssl#installation) and install `cfssl` and `cfssljson` binaries. Follow the [CFSSL installation guide](https://github.com/cloudflare/cfssl#installation) and install `cfssl` and `cfssljson` binaries.
## Initialize a CA ## Setting up a Certificate Authority
### Create the CA configuration file ### Create the CA configuration file