Generating Certificates
For an overview of the certificates Kubernetes requires and how they are used, see here.
Cluster CA
To generate the cluster CA and private key:
crit certs init --cert-dir /etc/kubernetes/pki
Certificates for Etcd
Etcd certificates can be generated using our e2d tool. See e2d pki.
Certificates and Kubeconfigs for Kubernetes Components
The following certificates and kubeconfigs can be created with crit. See the crit up
command.
/etc/kubernetes/
├── admin.conf
├── controller-manager.conf
├── kubelet.conf
├── pki
│ ├── apiserver-healthcheck-client.crt
│ ├── apiserver-healthcheck-client.key
│ ├── apiserver-kubelet-client.crt
│ ├── apiserver-kubelet-client.key
│ ├── apiserver.crt
│ ├── apiserver.key
│ ├── auth-proxy-ca.crt
│ ├── auth-proxy-ca.key
│ ├── ca.crt
│ ├── ca.key
│ ├── front-proxy-ca.crt
│ ├── front-proxy-ca.key
│ ├── front-proxy-client.crt
│ ├── front-proxy-client.key
│ ├── sa.key
│ └── sa.pub
└── scheduler.conf