Personal memo for my own reference: checking the certificates that Kubernetes uses.
Kubernetes certificate
1. CA
2. API Server Cert
3. ETCD Server Cert
4. API -> ETCD
5. API -> kubelet
6. Scheduler -> API
7. Controller-manager -> API
8. kubelet -> API
9. kubelet server Cert
Control Plane Node
Under /etc/kubernetes/pki:
apiserver.crt #2 API Server Cert
apiserver-etcd-client.crt #4 API -> ETCD
apiserver-etcd-client.key
apiserver.key
apiserver-kubelet-client.crt #5 API -> kubelet
apiserver-kubelet-client.key
ca.crt #1 CA
ca.key
etcd
front-proxy-ca.crt
front-proxy-ca.key
front-proxy-client.crt
front-proxy-client.key
sa.key
sa.pub
Under /etc/kubernetes/pki/etcd:
.
..
ca.crt
ca.key
healthcheck-client.crt
healthcheck-client.key
peer.crt
peer.key
server.crt #3 ETCD Server Cert
server.key
In /etc/kubernetes/scheduler.conf: #6 Scheduler -> API
In /etc/kubernetes/controller-manager.conf: #7 Controller-manager -> API
Control Plane / Worker Node
In /etc/kubernetes/kubelet.conf: #8 kubelet -> API
Under /var/lib/kubelet/pki:
..
..
kubelet-client-yyyy-mm-dd-hh-mm-ss.pem
kubelet-client-current.pem -> /var/lib/kubelet/pki/kubelet-client-yyyy-mm-dd-hh-mm-ss.pem
kubelet.crt #9 kubelet server Cert
kubelet.key
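
One way to inspect the certificates listed above, as an added example that is not part of the original memo: the kubeconfig files (#6 to #8) carry the client certificate either inline as base64 or as a path to a PEM file, so it has to be extracted before `openssl` can read it. The function names are hypothetical, and `openssl`, `awk` and `base64` are assumed to be installed on the node.

```shell
#!/usr/bin/env bash
# Added example (not from the original memo): inspect the client certificate
# that a kubeconfig such as scheduler.conf or kubelet.conf points to.

# Print the PEM client certificate used by kubeconfig file $1.
kubeconfig_client_cert() {
  local conf=$1 data path
  # Inline form: "client-certificate-data: <base64 of the PEM>"
  data=$(awk '$1 == "client-certificate-data:" {print $2; exit}' "$conf")
  if [ -n "$data" ]; then
    printf '%s' "$data" | base64 -d
    return
  fi
  # File form: "client-certificate: /path/to/cert.pem"
  path=$(awk '$1 == "client-certificate:" {print $2; exit}' "$conf")
  if [ -z "$path" ] || [ ! -r "$path" ]; then
    echo "no readable client certificate in $conf" >&2
    return 1
  fi
  cat "$path"
}

# Succeed if the certificate in PEM file $1 expires within $2 seconds.
cert_expires_within() {
  ! openssl x509 -in "$1" -noout -checkend "$2" >/dev/null
}

# Report subject, issuer and expiry for the kubeconfig-embedded certs (#6-#8).
for conf in /etc/kubernetes/scheduler.conf \
            /etc/kubernetes/controller-manager.conf \
            /etc/kubernetes/kubelet.conf; do
  [ -r "$conf" ] || continue
  echo "== $conf"
  kubeconfig_client_cert "$conf" | openssl x509 -noout -subject -issuer -enddate
done

# Flag on-disk certs from the listing above that expire within 30 days.
for crt in /etc/kubernetes/pki/*.crt /etc/kubernetes/pki/etcd/*.crt \
           /var/lib/kubelet/pki/kubelet.crt; do
  [ -r "$crt" ] || continue
  if cert_expires_within "$crt" $((30 * 24 * 3600)); then
    echo "EXPIRES SOON: $crt"
  fi
done
```

Run it as root on the node, since the files under /etc/kubernetes and /var/lib/kubelet/pki are not world-readable.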