mirrors/kubernetes-the-hard-way
1
0
Fork 0
mirror of https://github.com/kelseyhightower/kubernetes-the-hard-way.git synced 2025-08-08 20:02:42 +03:00
Code Issues Projects Releases Wiki Activity

Merge pull request #54 from rahulsoni43/patch-1

Browse Source 
Update 04-certificate-authority.md
This commit is contained in:
vpalazhi
2019-11-19 19:24:00 -05:00
committed by GitHub
parent 4fe0ff1921 af502dac9d
commit 5767f5613f
1 changed files with 2 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
docs/04-certificate-authority.md
View File

@@ -26,7 +26,6 @@ openssl req -new -key ca.key -subj "/CN=KUBERNETES-CA" -out ca.csr
# Self sign the csr using its own private key # Self sign the csr using its own private key
openssl x509 -req -in ca.csr -signkey ca.key -CAcreateserial -out ca.crt -days 1000 openssl x509 -req -in ca.csr -signkey ca.key -CAcreateserial -out ca.crt -days 1000
``` ```
Results: Results:
``` ```
@@ -34,6 +33,8 @@ ca.crt
ca.key ca.key
``` ```
Reference : https://kubernetes.io/docs/concepts/cluster-administration/certificates/#openssl
The ca.crt is the Kubernetes Certificate Authority certificate and ca.key is the Kubernetes Certificate Authority private key. The ca.crt is the Kubernetes Certificate Authority certificate and ca.key is the Kubernetes Certificate Authority private key.
You will use the ca.crt file in many places, so it will be copied to many places. You will use the ca.crt file in many places, so it will be copied to many places.
The ca.key is used by the CA for signing certificates. And it should be securely stored. In this case our master node(s) is our CA server as well, so we will store it on master node(s). There is not need to copy this file to elsewhere. The ca.key is used by the CA for signing certificates. And it should be securely stored. In this case our master node(s) is our CA server as well, so we will store it on master node(s). There is not need to copy this file to elsewhere.