Difference between revisions of "Kube-root-ca.crt configMap"
Jump to navigation
Jump to search
Tags: Mobile web edit, Mobile edit |
|||
(10 intermediate revisions by 2 users not shown) | |||
Line 1: | Line 1: | ||
{{lc}} | {{lc}} | ||
+ | kube-root-ca.crt [[configMap]] | ||
Line 5: | Line 6: | ||
Note: | Note: | ||
Even though the custom [[CA certificate]] may be included in the filesystem (in the ConfigMap kube-root-ca.crt), you should not use that | Even though the custom [[CA certificate]] may be included in the filesystem (in the ConfigMap kube-root-ca.crt), you should not use that | ||
− | certificate authority for any purpose other than to verify internal Kubernetes endpoints. An example of an internal Kubernetes endpoint is | + | certificate authority for any purpose other than to verify internal Kubernetes endpoints. An example of an internal [[Kubernetes endpoint]] is the Service named kubernetes in the default namespace. |
− | |||
If you want to use a custom certificate authority for your workloads, you should generate that CA separately, and distribute its CA certificate using a ConfigMap that your pods have access to read. | If you want to use a custom certificate authority for your workloads, you should generate that CA separately, and distribute its CA certificate using a ConfigMap that your pods have access to read. | ||
+ | [[kubectl apply]] | ||
+ | {{is missing}} | ||
− | {{K8s}} | + | |
+ | [[kubectl get configmaps -A]] | grep [[kube-root-ca.crt]] | ||
+ | aqua kube-root-ca.crt 1 7d20h | ||
+ | [[argocd]] kube-root-ca.crt 1 7d20h | ||
+ | [[cattle-dashboards]] kube-root-ca.crt 1 7d7h | ||
+ | cattle-fleet-system kube-root-ca.crt 1 7d20h | ||
+ | cattle-impersonation-system kube-root-ca.crt 1 7d20h | ||
+ | cattle-monitoring-system kube-root-ca.crt 1 4h29m | ||
+ | cattle-system kube-root-ca.crt 1 7d20h | ||
+ | default kube-root-ca.crt 1 7d20h | ||
+ | gatekeeper-system kube-root-ca.crt 1 7d20h | ||
+ | kube-node-lease kube-root-ca.crt 1 7d20h | ||
+ | kube-public kube-root-ca.crt 1 7d20h | ||
+ | kube-system kube-root-ca.crt 1 7d20h | ||
+ | local kube-root-ca.crt 1 7d20h | ||
+ | nginx-ingress kube-root-ca.crt 1 7d20h | ||
+ | nginx-k8s kube-root-ca.crt 1 7d20h | ||
+ | |||
+ | |||
+ | == Related == | ||
+ | [[kubectl get configmaps]] | ||
+ | |||
+ | == See also == | ||
+ | * {{Configmap}} | ||
+ | * {{K8s TLS}} | ||
+ | * {{TLS}} | ||
+ | |||
+ | [[Category:K8s]] |
Latest revision as of 10:55, 27 September 2023
kube-root-ca.crt configMap
Note: Even though the custom CA certificate may be included in the filesystem (in the ConfigMap kube-root-ca.crt), you should not use that certificate authority for any purpose other than to verify internal Kubernetes endpoints. An example of an internal Kubernetes endpoint is the Service named kubernetes in the default namespace. If you want to use a custom certificate authority for your workloads, you should generate that CA separately, and distribute its CA certificate using a ConfigMap that your pods have access to read.
kubectl apply Warning: resource configmaps/kube-root-ca.crt is missing the kubectl.kubernetes.io/last-applied-configuration annotation which is required by kubectl apply. kubectl apply should only be used on resources created declaratively by either kubectl create --save-config or kubectl apply. The missing annotation will be patched automatically. secret/default-token-7z4zd created Error from server (Conflict): error when applying patch: .../... to: Resource: "/v1, Resource=configmaps", GroupVersionKind: "/v1, Kind=ConfigMap" Name: "kube-root-ca.crt", Namespace: "your-namespace" for: "your.yaml": Operation cannot be fulfilled on configmaps "kube-root-ca.crt": the object has been modified; please apply your changes to the latest version and try again
kubectl get configmaps -A | grep kube-root-ca.crt aqua kube-root-ca.crt 1 7d20h argocd kube-root-ca.crt 1 7d20h cattle-dashboards kube-root-ca.crt 1 7d7h cattle-fleet-system kube-root-ca.crt 1 7d20h cattle-impersonation-system kube-root-ca.crt 1 7d20h cattle-monitoring-system kube-root-ca.crt 1 4h29m cattle-system kube-root-ca.crt 1 7d20h default kube-root-ca.crt 1 7d20h gatekeeper-system kube-root-ca.crt 1 7d20h kube-node-lease kube-root-ca.crt 1 7d20h kube-public kube-root-ca.crt 1 7d20h kube-system kube-root-ca.crt 1 7d20h local kube-root-ca.crt 1 7d20h nginx-ingress kube-root-ca.crt 1 7d20h nginx-k8s kube-root-ca.crt 1 7d20h
Related[edit]
kubectl get configmaps
See also[edit]
- ConfigMaps:
kubectl [ get | edit | describe | create | delete ] configmaps
,aws-auth
, Kustomize,kind: ConfigMap, ConfigMapRef, envFrom
- Kubernetes cert-manager,
kube-root-ca.crt
- TLS, mTLS: OpenSSL, LibreSSL, BoringSSL, WolfSSL, X.509,
.pem
, SNI, CT, OCSP, Mbed TLS, ALPN,your connection is not private
, SSL Certificate Checker, Wildcard certificate, JA3 fingerprint, sslcan, TLS inspection
Advertising: