| Component | Type | Certificate Path | CN Name | ALT Names | Organization | Issuer | Expiration | File Type | Purpose | Description |
|---|---|---|---|---|---|---|---|---|---|---|
| Certificate Authority | Server | /etc/kubernetes/pki/ca.crt | kubernetes | kubernetes | May 9 11:21:40 2029 GMT | Certificate | CA server root certificates for Kubernetes API Server | |||
| Certificate Authority | Server | /etc/kubernetes/pki/ca.key | Key | CA server root certificate key for Kubernetes API Server | ||||||
| kube-apiserver | Server | /etc/kubernetes/pki/apiserver.crt | kube-apiserver | DNS:masterDNS:kubernetesDNS:kubernetes.defaultDNS:kubernetes.default.svcDNS:kubernetes.default.svc.cluster.localIP Address:10.96.0.1IP Address:172.17.0.27 | kubernetes | Feb 11 05:39:20 2020 GMT | Certificate | Server Certificate | Certificate to serve Kube-api server | |
| kube-apiserver | Server | /etc/kubernetes/pki/apiserver.key | Key | Server Key | Key to serve Kube-api server | |||||
| kube-apiserver | Server | /etc/kubernetes/pki/ca.crt | kubernetes | kubernetes | Feb 8 05:39:19 2029 GMT | Certificate | Server CA Certificate | CA Certificate to validate clients connecting to Kube-API Server | ||
| kube-apiserver | Client (Kubelet) | /etc/kubernetes/pki/apiserver-kubelet-client.crt | kube-apiserver-kubelet-client | system:masters | kubernetes | Feb 11 05:39:20 2020 GMT | Certificate | Client Cert: Kube API Server to Kubelet | Client Certificate for Kube-API Server to connect to ETCD Server | |
| kube-apiserver | Client (Kubelet) | /etc/kubernetes/pki/apiserver-kubelet-client.key | Key | Client Key: Kube API Server to Kubelet | Client Key for Kube-API Server to connect to ETCD Server | |||||
| kube-apiserver | Client (Etcd) | /etc/kubernetes/pki/apiserver-etcd-client.crt | kube-apiserver-etcd-client | system:masters | kubernetes | Feb 11 05:39:22 2020 GMT | Certificate | Client Cert: Kube API Server to ETCD | Client Certificate for Kube-API Server to connect to ETCD Server | |
| kube-apiserver | Client (Etcd) | /etc/kubernetes/pki/apiserver-etcd-client.key | Key | Client Key: Kube API Server to ETCD | Client Key for Kube-API Server to connect to ETCD Server | |||||
| kube-apiserver | Client (Etcd) | /etc/kubernetes/pki/etcd/ca.crt | kubernetes | kubernetes | Feb 8 05:39:21 2029 GMT | Certificate | Client CA File: Kube API Server to ETCD | CA File to validate Kube-API server to ETCD Server Connectivity. The ETCD setup can have a separate CA | ||
| kubelet | Server | /var/lib/kubelet/pki/kubelet.crt | node01@1557660157 | Certificate | ||||||
| kubelet | Server | /var/lib/kubelet/pki/kubelet.key | Key | |||||||
| kubelet | Client | /var/lib/kubelet/pki/kubelet-client-2019-05-12-11-22-38.pem | system:node:node01 | system:nodes | kubernetes | May 11 11:18:00 2020 GMT | Certificate | |||
| kubelet | Client | Key | ||||||||
| Certificate Authority (ETCD) | Server | /etc/kubernetes/pki/etcd/ca.crt | kubernetes | kubernetes | May 9 11:21:42 2029 GMT | Certificate | CA Server root certificates for ETCD Server. (This could be the same as kube-api server or a separate one of its own.) | |||
| Certificate Authority (ETCD) | Server | /etc/kubernetes/pki/etcd/ca.key | Key | CA Server root certificate key for ETCD Server. (This could be the same as kube-api server or a separate one of its own.) | ||||||
| etcd-server | Certificate | |||||||||
| etcd-server | Key |
Created
December 15, 2019 12:20
-
-
Save travishen/661659c43fec8d470e2253ad813acc5a to your computer and use it in GitHub Desktop.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment