From 2eb67b234da3413ee6e7bf3fd56ad0e175821cc2 Mon Sep 17 00:00:00 2001 From: Kelsey Hightower Date: Thu, 7 Jul 2016 07:57:18 -0700 Subject: [PATCH] update docs --- docs/certificate-authority.md | 21 +++++++++++++++++---- 1 file changed, 17 insertions(+), 4 deletions(-) diff --git a/docs/certificate-authority.md b/docs/certificate-authority.md index f5e2f4a..2d484f8 100644 --- a/docs/certificate-authority.md +++ b/docs/certificate-authority.md @@ -8,7 +8,9 @@ This lab will setup a Certificate Authority and generated a single set of TLS ce * Kubernetes API Server * Kubernetes Kubelet -In production you should strongly consider generating individual TLS certificates for each component. +> In production you should strongly consider generating individual TLS certificates for each component. + +The TLS certificates in this lab will be copied to each machine running a Kubernetes components. ## Install CFSSL @@ -71,14 +73,15 @@ ca.csr ca.pem ``` +### Verification + ``` openssl x509 -in ca.pem -text -noout ``` -## Generate Server and Client Certs - -### Generate the kube-apiserver server cert +## Generate the single Kubernetes TLS Cert +In this section we will generate a TLS certificate that will be valid for all Kubernetes components. This is being done for ease of use. In production you should strongly consider generating individual TLS certificates for each component. ``` echo '{ @@ -121,6 +124,16 @@ cfssl gencert \ kubernetes-csr.json | cfssljson -bare kubernetes ``` +Results: + +``` +kubernetes-key.pem +kubernetes.csr +kubernetes.pem +``` + +### Verification + ``` openssl x509 -in kubernetes.pem -text -noout ``` \ No newline at end of file
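Review bot: In the first hunk (@@ -8,7 +8,9), the added sentence "The TLS certificates in this lab will be copied to each machine running a Kubernetes components." has a number mismatch ("a Kubernetes components" should be "a Kubernetes component"), and it does not say whether the private key is copied along with the certificate. The later hunk lists kubernetes-key.pem as an output, so a reader cannot tell from this sentence that every machine may end up holding the same key. Suggest naming the files that get copied. That would also make the reason for the production warning in the blockquote above it explicit.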
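Review bot: In the second hunk (@@ -71,14 +73,15), the new "### Verification" heading is followed only by "openssl x509 -in ca.pem -text -noout", with nothing telling the reader what to look for in the output. Suggest adding one sentence naming the fields that matter for a CA certificate, such as the Subject and Issuer, the validity dates and the CA:TRUE basic constraint. Also in this hunk, the new paragraph under "## Generate the single Kubernetes TLS Cert" repeats the production warning that the first hunk already turned into a blockquote. Keeping it in one place, or using the blockquote style in both, would be more consistent.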
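Review bot: In the third hunk (@@ -121,6 +124,16), the second "### Verification" section only prints the certificate with "openssl x509 -in kubernetes.pem -text -noout". It does not check that kubernetes.pem was actually signed by the CA created earlier. Suggest adding "openssl verify -CAfile ca.pem kubernetes.pem" and a note to confirm that the Subject Alternative Name entries in the output match the hosts listed in kubernetes-csr.json. Two smaller points: this is the second "### Verification" heading in the file, so generated heading anchors may collide. Giving the two headings distinct names would avoid that. The file also ends without a trailing newline.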