Cluster information:
Kubernetes version: 1.24.9
Cloud being used: bare-metal
Installation method: hyperkube
Host OS: suse linux
CNI and version: canal
CRI and version: docker
We have some security requirements:
- Currently the Kubernetes root CA TTL is >= 10 years but the key length is 2048. We want a bit length > 3000 for certificates having a TTL > 10 years.
  1.a Is there any way to set the TTL value for the k8s root CA?
  1.b Is there any way to set the RSA key length for the k8s root CA?
- Is there any way to store the k8s root CA private key in a secure place like an HSM?
- Is there a way to set the TTL for the kubelet and api-server certificates to 1 year? Currently it's 10 years.
- Is there any way to set the TTL for the scheduler and controller?
The above requirements are also relevant to other deployment methods (like kubeadm). It's a very generic question, so I have not provided many details on the environment setup.
Please let me know if any more information is required.
thanks,
Sandeep
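
The limits stated in the post can be checked against existing certificate files before changing anything. The script below is an added example, not part of the original post and not Kubernetes project code; the function names, the reading of "10 years" as 3650 days, and the use of GNU `date` and the `openssl` CLI are assumptions.

```shell
#!/usr/bin/env bash
# Added example: audit PEM certificates against the limits stated in the post.
LONG_LIVED_DAYS=3650      # "10 years", taken here as 3650 days (assumption)
MIN_LONG_LIVED_BITS=3000  # long-lived RSA keys must be longer than this

# Total validity period (notBefore to notAfter) in whole days. Needs GNU date.
cert_days() {
  local start end
  start=$(openssl x509 -in "$1" -noout -startdate | cut -d= -f2)
  end=$(openssl x509 -in "$1" -noout -enddate | cut -d= -f2)
  echo $(( ( $(date -u -d "$end" +%s) - $(date -u -d "$start" +%s) ) / 86400 ))
}

# RSA modulus size in bits; prints nothing for non-RSA keys (e.g. ECDSA).
cert_rsa_bits() {
  openssl x509 -in "$1" -noout -text |
    awk '/Public Key Algorithm: rsaEncryption/ {rsa=1}
         rsa && /Public-Key: \(/ {gsub(/[^0-9]/, ""); print; exit}'
}

# audit_cert FILE [MAX_DAYS]
# Prints one verdict line; returns 0 if OK, 1 on a policy failure, 2 if unreadable.
# MAX_DAYS is optional and caps the lifetime, e.g. 365 for kubelet/api-server certs.
audit_cert() {
  local file=$1 max_days=${2:-} days bits
  if ! openssl x509 -in "$file" -noout >/dev/null 2>&1; then
    echo "ERROR $file: not a readable PEM certificate"; return 2
  fi
  days=$(cert_days "$file")
  bits=$(cert_rsa_bits "$file")
  if [ -n "$max_days" ] && [ "$days" -gt "$max_days" ]; then
    echo "FAIL $file: lifetime ${days}d exceeds ${max_days}d"; return 1
  fi
  # The key-length rule applies only to RSA keys on long-lived certificates.
  if [ "$days" -ge "$LONG_LIVED_DAYS" ] && [ -n "$bits" ] &&
     [ "$bits" -le "$MIN_LONG_LIVED_BITS" ]; then
    echo "FAIL $file: RSA-$bits key on a ${days}d certificate"; return 1
  fi
  echo "OK $file: ${days}d, key=${bits:-non-RSA}"; return 0
}

# Usage: audit.sh CERT [MAX_DAYS]; does nothing when called without arguments.
if [ "$#" -gt 0 ]; then audit_cert "$@"; fi
```

Pass the CA certificate alone to apply the key-length rule, and pass `365` as the second argument for certificates that should not live longer than one year.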