Kubernetes Certificates Explained

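| Type | CA | CN | Authentication | Description | Official |
|------|----|----|----------------|-------------|----------|
| Etcd | etcd/ca.crt,key | server.crt,key | server, client | Serves external clients | kube-etcd |
| | | peer.crt,key | server, client | Certificate for communication between nodes | kube-etcd-peer |
| | | healthcheck-client.crt,key | client | Client certificate for the Liveness probe in the pod | kube-etcd-healthcheck-client |
| k8s | ca.crt,key | sa.pub,key | | Service account key | |
| | | apiserver.crt,key | server | apiserver certificate | kube-apiserver |
| | | apiserver-kubelet-client.crt,key | client | kubelet certificate | kube-apiserver-kubelet-client |
| | | apiserver-etcd-client.crt,key | client | Certificate for apiserver access to etcd | kube-apiserver-etcd-client |
| | front-proxy-ca.crt,key | front-proxy-client.crt,key | client | Used for the front proxy | front-proxy-client |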

ETCD certificate list

etcd
|-- ca.crt
|-- ca.key
|-- peer.crt
|-- peer.key
|-- server.crt
|-- server.key
|-- healthcheck-client.crt
`-- healthcheck-client.key

Kubernetes certificate list

kubernetes
|-- ca.crt
|-- ca.key
|-- sa.key
|-- sa.pub
|-- apiserver.crt
|-- apiserver.key
|-- apiserver-etcd-client.crt
|-- apiserver-etcd-client.key
|-- apiserver-kubelet-client.crt
|-- apiserver-kubelet-client.key
|-- front-proxy-ca.crt
|-- front-proxy-ca.key
|-- front-proxy-client.crt
`-- front-proxy-client.key

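Etcd certificates

Root certificate

ca.crt ca.key

Peer communication certificate (Peer)

peer.crt peer.key

The Peer certificate used for communication between etcd nodes, issued by the root certificate.

Server certificate

server.crt server.key

Used by etcd to serve external clients; issued by the root certificate.

Liveness probe client certificate

healthcheck-client.crt healthcheck-client.key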

Kubernetes certificates

Root certificate

ca.crt ca.key

Service Account certificate

sa.key sa.pub

ApiServer certificate

apiserver.crt apiserver.key

Used by kube-apiserver to serve external clients.

Kubelet certificate

apiserver-kubelet-client.crt apiserver-kubelet-client.key

Proxy root certificate (Aggregation)

front-proxy-ca.crt front-proxy-ca.key

Proxy client certificate

front-proxy-client.crt front-proxy-client.key

Client certificate issued by the proxy root certificate.

Certificate used by the API server to access etcd

apiserver-etcd-client.crt apiserver-etcd-client.key
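
The layout above can be checked mechanically. The following is an added example, not part of the original page: it verifies that each certificate chains to the CA this layout assigns it, carries the expected server/client usage, and that no private key is readable by group or others. The function name audit_pki and the PKI_MAP variable are hypothetical, and the CA mapping assumes kubeadm defaults (apiserver-etcd-client.crt issued by etcd/ca.crt).

```sh
#!/bin/sh
# Added example (not from the original page). Each entry is
# "certificate:signing CA:expected extended key usages", relative to the PKI
# directory. Assumption: kubeadm defaults, where apiserver-etcd-client.crt is
# issued by etcd/ca.crt.
PKI_MAP='
etcd/server.crt:etcd/ca.crt:server,client
etcd/peer.crt:etcd/ca.crt:server,client
etcd/healthcheck-client.crt:etcd/ca.crt:client
apiserver.crt:ca.crt:server
apiserver-kubelet-client.crt:ca.crt:client
apiserver-etcd-client.crt:etcd/ca.crt:client
front-proxy-client.crt:front-proxy-ca.crt:client
'

# audit_pki DIR: prints one line per finding and returns the number of findings.
audit_pki() {
    dir=$1; findings=0
    for entry in $PKI_MAP; do
        cert=${entry%%:*}; rest=${entry#*:}; ca=${rest%%:*}; usages=${rest#*:}
        if [ ! -f "$dir/$cert" ] || [ ! -f "$dir/$ca" ]; then
            echo "MISSING  $cert or its CA $ca"; findings=$((findings + 1)); continue
        fi
        # The leaf must chain to the CA this layout assigns it, not merely to any CA.
        if ! openssl verify -CAfile "$dir/$ca" "$dir/$cert" >/dev/null 2>&1; then
            echo "BADCHAIN $cert does not verify against $ca"; findings=$((findings + 1))
        fi
        text=$(openssl x509 -in "$dir/$cert" -noout -text 2>/dev/null) || text=''
        for usage in $(echo "$usages" | tr ',' ' '); do
            case $usage in
                server) want='TLS Web Server Authentication' ;;
                client) want='TLS Web Client Authentication' ;;
            esac
            if ! printf '%s\n' "$text" | grep -q "$want"; then
                echo "BADEKU   $cert lacks '$want'"; findings=$((findings + 1))
            fi
        done
    done
    # Private keys (including sa.key and the CA keys) must not be readable by
    # group or others.
    for key in $(find "$dir" -name '*.key' \( -perm -040 -o -perm -004 \)); do
        echo "PERMS    $key is readable by group or others"; findings=$((findings + 1))
    done
    return "$findings"
}
```

On a kubeadm control-plane node the directory to pass is typically /etc/kubernetes/pki; a return value of 0 means no findings.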
