Difference between revisions of "Kube-root-ca.crt configMap"
Jump to navigation
Jump to search
Tags: Mobile web edit, Mobile edit |
Tags: Mobile web edit, Mobile edit |
||
| Line 9: | Line 9: | ||
If you want to use a custom certificate authority for your workloads, you should generate that CA separately, and distribute its CA certificate using a ConfigMap that your pods have access to read. | If you want to use a custom certificate authority for your workloads, you should generate that CA separately, and distribute its CA certificate using a ConfigMap that your pods have access to read. | ||
| + | == See also == | ||
* {{TLS}} | * {{TLS}} | ||
* {{K8s TLS}} | * {{K8s TLS}} | ||
| + | |||
| + | [[Category:K8s]] | ||
Revision as of 18:20, 27 March 2023
Note: Even though the custom CA certificate may be included in the filesystem (in the ConfigMap kube-root-ca.crt), you should not use that certificate authority for any purpose other than to verify internal Kubernetes endpoints. An example of an internal Kubernetes endpoint is the Service named kubernetes in the default namespace. If you want to use a custom certificate authority for your workloads, you should generate that CA separately, and distribute its CA certificate using a ConfigMap that your pods have access to read.
See also
Advertising:
