![]() In the multi-master mode, control plane components are automatically deployed in a fault-tolerant manner: kube-apiserver processes localhost requests.kube-apiserver only uses the etcd instance that is hosted on the same node.The CPM module supports control plane running in a single-master or multi-master mode. The CPM module automatically updates the kubeconfig configuration when certificates are changed. The client-side certificate for connecting kubelet to etcd for performing health-checks ( etcd/healthcheck-client.crt & etcd/healthcheck-client.key).Īlso, the CPM module lets you add the additional SANs to certificates (this way, you can quickly and effortlessly add more “entry points” to the Kubernetes API).The client-side certificate for connecting etcd to other cluster members ( etcd/peer.crt & etcd/peer.key).The server-side etcd certificate ( etcd/server.crt & etcd/server.key).The client-side certificate for connecting kube-apiserver to the extension API servers ( front-proxy-client.crt & front-proxy-client.key).The client-side certificate for connecting kube-apiserver to etcd ( apiserver-etcd-client.crt & apiserver-etcd-client.key).The client-side certificate for connecting kube-apiserver to kubelet ( apiserver-kubelet-client.crt & apiserver-kubelet-client.key).The server-side API server certificate ( apiserver.crt & apiserver.key).These certificates are stored on the nodes only: The CPM module issues, renews, and re-issues if something has changed (e.g., the SAN list). Client certificates for connecting control-plane components to each other.the root CA certificate for the extension API servers ( front-proxy-ca.key & front-proxy-ca.crt).the RSA certificate and the key for signing Service Accounts ( sa.pub & sa.key),.the root CA etcd certificate ( etcd/ca.crt & etcd/ca.key),. ![]()
0 Comments
Leave a Reply. |