K8S 各个组件设计的证书总结

etcd 集群通信涉及到的证书

/opt/etcd/ssl/server.pem 
/opt/etcd/ssl/server-key.pem 
/opt/etcd/ssl/ca.pem 
ca-key.pem

kube-apiserver

/opt/kubernetes/cfg/token.csv 
/opt/kubernetes/ssl/server.pem 
/opt/kubernetes/ssl/server-key.pem 
/opt/kubernetes/ssl/ca.pem 
/opt/kubernetes/ssl/ca-key.pem 
/opt/etcd/ssl/ca.pem 
/opt/etcd/ssl/server.pem 
/opt/etcd/ssl/server-key.pem

kube-controller-manager

/opt/kubernetes/ssl/ca.pem 
/opt/kubernetes/ssl/ca-key.pem

kube-scheduler

使用 http 协议

kubelet

/opt/kubernetes/ssl/ca.pem
/opt/kubernetes/cfg/token.csv

kube-proxy

/opt/kubernetes/ssl/ca.pem
/opt/kubernetes/ssl/kube-proxy-key.pem  
/opt/kubernetes/ssl/kube-proxy.pem

kubeadm K8S 第二个 master 需要的证书列表

/etc/kubernetes/pki/ca.crt 
/etc/kubernetes/pki/ca.key 
/etc/kubernetes/pki/sa.key 
/etc/kubernetes/pki/sa.pub 
/etc/kubernetes/pki/front-proxy-ca.crt                                                                                                                                                                           
/etc/kubernetes/pki/front-proxy-ca.key 
/etc/etcd/ssl/ca.pem                                                                                                                                     
/etc/etcd/ssl/server.pem                                                                                                                                 
/etc/etcd/ssl/server-key.pem

posted @ 2021-08-26 10:34 klvchen 阅读(205) 评论(0) 收藏举报

刷新页面返回顶部

klvchen

K8S 各个组件设计的证书总结

etcd 集群通信涉及到的证书

kube-apiserver

kube-controller-manager

kube-scheduler

kubelet

kube-proxy

kubeadm K8S 第二个 master 需要的证书列表

公告