Merge pull request #54 from rahulsoni43/patch-1

Update 04-certificate-authority.md
pull/584/head
vpalazhi 2019-11-19 19:24:00 -05:00 committed by GitHub
commit 5767f5613f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 2 additions and 1 deletions

@ -26,7 +26,6 @@ openssl req -new -key ca.key -subj "/CN=KUBERNETES-CA" -out ca.csr
# Self sign the csr using its own private key # Self sign the csr using its own private key
openssl x509 -req -in ca.csr -signkey ca.key -CAcreateserial -out ca.crt -days 1000 openssl x509 -req -in ca.csr -signkey ca.key -CAcreateserial -out ca.crt -days 1000
``` ```
Results: Results:
``` ```
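Review bot: the single deletion counted in this hunk (`-26,7 +26,6`) has no visible content, and every line shown is identical in both columns, so it appears to be a blank-line removal unrelated to adding the reference. Drop the whitespace change from this PR or mention it in the commit message, so the diff contains only the documentation link.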
@ -34,6 +33,8 @@ ca.crt
ca.key ca.key
``` ```
Reference : https://kubernetes.io/docs/concepts/cluster-administration/certificates/#openssl
The ca.crt is the Kubernetes Certificate Authority certificate and ca.key is the Kubernetes Certificate Authority private key. The ca.crt is the Kubernetes Certificate Authority certificate and ca.key is the Kubernetes Certificate Authority private key.
You will use the ca.crt file in many places, so it will be copied to many places. You will use the ca.crt file in many places, so it will be copied to many places.
The ca.key is used by the CA for signing certificates. And it should be securely stored. In this case our master node(s) is our CA server as well, so we will store it on master node(s). There is not need to copy this file to elsewhere. The ca.key is used by the CA for signing certificates. And it should be securely stored. In this case our master node(s) is our CA server as well, so we will store it on master node(s). There is not need to copy this file to elsewhere.
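Review bot: the added `Reference : https://kubernetes.io/docs/concepts/cluster-administration/certificates/#openssl` line is a bare URL with a stray space before the colon, and it lands between the `Results` block and the paragraph explaining `ca.crt` and `ca.key`, where it interrupts the explanation. Suggest writing it as a Markdown link, for example `Reference: [Kubernetes docs: certificates with openssl](https://kubernetes.io/docs/concepts/cluster-administration/certificates/#openssl)`, and moving it next to the `openssl` commands it documents. The commit subject `Update 04-certificate-authority.md` also does not say that a reference link was added.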