How does certificate-based auth work?

Kubernetes uses PKI certificates for authentication over TLS. If you install Kubernetes with the kubeadm command, the certificates that your cluster requires are generated automatically. You can also generate your own certificates.

How certificates are used in a Kubernetes cluster:

  • Client certificates for the kubelet to authenticate to the API server
  • Server certificate for the API server endpoint
  • Client certificates for administrators of the cluster to authenticate to the API server
  • Client certificates for the API server to talk to the kubelet
  • Client certificate for the API server to talk to etcd
  • Client certificate/kubeconfig for the controller manager to talk to the API server
  • Client certificate/kubeconfig for the scheduler to talk to the API server

NOTE: If we install Kubernetes with kubeadm, certificates are stored in /etc/kubernetes/pki
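
To see which of the roles listed above each certificate under /etc/kubernetes/pki can play, and when it expires, the following added example (not part of the original note or of kubeadm) reads each certificate's subject, Extended Key Usage and expiry date. It assumes the openssl CLI is installed; the function names, PKI_DIR and the 30-day WARN_DAYS window are choices made for this sketch.

```shell
#!/bin/sh
# Added example: inventory the certificates in a kubeadm-style PKI directory.
# Assumes the openssl CLI is installed. describe_cert, audit_pki, PKI_DIR and
# WARN_DAYS are names chosen for this sketch, not kubeadm settings.

PKI_DIR="${PKI_DIR:-/etc/kubernetes/pki}"   # path given in the note above
WARN_DAYS="${WARN_DAYS:-30}"                # assumed warning window

# describe_cert FILE LABEL -> "label|subject|notAfter|roles|status"
describe_cert() (
  text="$(openssl x509 -in "$1" -noout -text 2>/dev/null)" || exit 1
  subject="$(openssl x509 -in "$1" -noout -subject | sed 's/^subject= *//')"
  end="$(openssl x509 -in "$1" -noout -enddate | cut -d= -f2)"
  roles=""
  # Extended Key Usage says whether the certificate may authenticate a TLS
  # client, a TLS server, or both; Basic Constraints marks a CA.
  printf '%s\n' "$text" | grep -q 'TLS Web Client Authentication' && roles="client"
  printf '%s\n' "$text" | grep -q 'TLS Web Server Authentication' && roles="${roles:+$roles,}server"
  printf '%s\n' "$text" | grep -q 'CA:TRUE' && roles="${roles:+$roles,}ca"
  status="ok"
  # -checkend exits non-zero when the certificate expires within N seconds.
  openssl x509 -in "$1" -noout -checkend "$((WARN_DAYS * 86400))" >/dev/null || status="EXPIRING"
  printf '%s|%s|%s|%s|%s\n' "$2" "$subject" "$end" "${roles:-none}" "$status"
)

# audit_pki [DIR]: one line per *.crt under DIR, subdirectories included.
audit_pki() (
  dir="${1:-$PKI_DIR}"
  [ -d "$dir" ] || { echo "no such directory: $dir" >&2; exit 2; }
  find "$dir" -name '*.crt' | sort | while read -r crt; do
    label="${crt#"$dir"/}"
    describe_cert "$crt" "$label" || printf '%s|unreadable\n' "$label"
  done
)

# On a control-plane node this prints the inventory; elsewhere it does nothing.
if [ -d "$PKI_DIR" ]; then audit_pki "$PKI_DIR"; fi
```

A certificate reported as client only cannot serve the API server endpoint, and one reported as EXPIRING needs renewal before the components that present it stop authenticating.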