Default Kubernetes core components communication - is that and mTLS

Saleem_M · August 2, 2024, 5:43am

Hi -
This is relating to Kubernetes core components communication. As I understand and shown in the diagram, there is a TLS based communication across these core components ex. KubeAPIServer → ETCD or Kubelet → KubeAPIServer. Below are some of my questions …

As I see there are both client and server certificates in KubeAPIServer and Kubelet. Is this an mTLS communication ? (are both client and server validating each other with these certs)
If it is not mTLS then do we need client certificates ?
By default what secrets and service accounts are created when the cluster is configured. Is there a document that mentions those.

Thanks in advance …

Topic		Replies	Views
Need help in configuring a simple TLS/SSL within k8s cluster for pod to pod communication over https General Discussions	2	2949	June 1, 2021
Where does kubectl get its client certificate from when using https? General Discussions	0	411	February 5, 2021
Api sever logs General Discussions	3	1710	September 6, 2021
Kubernetes.io Docs: Requesting clarification General Discussions	0	466	October 23, 2019
Nginx ingress with host specific client-auth General Discussions minikube	0	832	May 26, 2021

Default Kubernetes core components communication - is that and mTLS

Related topics