Harden cluster ca certificate and leaf certificates


Cluster information:

Kubernetes version: 1.24.9
Cloud being used: bare-metal
Installation method: hyperkube
Host OS: suse linux
CNI and version: canal
CRI and version: docker

We have some security requirements:

  1. Currently the Kubernetes root CA TTL is >= 10 years but the key length is 2048. We want a bit length > 3000 for certificates with a TTL > 10 years.
    1.a Is there any way to set the TTL value for the k8s root CA?
    1.b Is there any way to set the RSA key length for the k8s root CA?
  2. Is there any way to store the k8s root CA private key in a secure place like an HSM?
  3. Is there a way to set the TTL for the kubelet and api-server certificates to 1 year? Currently it’s 10 years.
  4. Is there any way to set the TTL for the scheduler and controller?

The above requirements are also relevant to other deployment methods (like kubeadm). It’s a very generic question, so I have not provided many details on the environment setup.

Please let me know if any more information is required.

thanks,
Sandeep
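As an added example (not part of the original post and not Kubernetes project code), the script below shows with OpenSSL what requirements 1 and 3 amount to in practice: a root CA with a 4096-bit RSA key and a 10-year validity, a leaf certificate signed by it with a 1-year validity, and an audit function that checks any PEM certificate against a minimum key length and a maximum lifetime. The subject names, the `$WORK` directory and the thresholds are constructed for the example; only `openssl` on `PATH` is assumed.

```shell
#!/bin/sh
# Added example: generate a 4096-bit, 10-year root CA and a 1-year leaf with
# OpenSSL, then audit both against a key-length / lifetime policy.
# Assumptions: openssl is installed; everything is written to a scratch dir.
set -eu
WORK="${WORK:-$(mktemp -d)}"

# Self-signed root CA: 4096-bit RSA, 3650 days (~10 years).
make_ca() {
  openssl req -x509 -newkey rsa:4096 -nodes -sha256 -days 3650 \
    -subj "/CN=example-kubernetes-ca" \
    -keyout "$WORK/ca.key" -out "$WORK/ca.crt" 2>/dev/null
}

# Leaf certificate signed by the CA: 2048-bit RSA, 365 days.
# (A real apiserver/kubelet cert also needs the SANs and O= the cluster expects.)
make_leaf() {
  openssl req -new -newkey rsa:2048 -nodes -sha256 \
    -subj "/CN=example-kube-apiserver" \
    -keyout "$WORK/leaf.key" -out "$WORK/leaf.csr" 2>/dev/null
  openssl x509 -req -in "$WORK/leaf.csr" -CA "$WORK/ca.crt" -CAkey "$WORK/ca.key" \
    -CAcreateserial -days 365 -sha256 -out "$WORK/leaf.crt" 2>/dev/null
}

# Print the RSA modulus size (bits) of the certificate's public key.
key_bits() {
  openssl x509 -in "$1" -noout -text | sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p'
}

# Succeed if the certificate expires within $2 days (i.e. its remaining
# lifetime is at most $2 days). Uses -checkend, which exits non-zero when the
# cert will expire inside the given window, so the result is negated.
lifetime_within() {
  ! openssl x509 -in "$1" -noout -checkend $(( ($2 + 1) * 86400 )) >/dev/null
}

# Policy check: key length >= $2 bits AND remaining lifetime <= $3 days.
check_policy() {
  cert="$1"; min_bits="$2"; max_days="$3"
  bits=$(key_bits "$cert")
  [ "$bits" -ge "$min_bits" ] && lifetime_within "$cert" "$max_days"
}

# Human-readable report for one certificate under a given policy.
report() {
  cert="$1"; min_bits="$2"; max_days="$3"
  if check_policy "$cert" "$min_bits" "$max_days"; then verdict=OK; else verdict=FAIL; fi
  printf '%s: %s bits, %s, policy(>=%s bits, <=%s days): %s\n' \
    "$cert" "$(key_bits "$cert")" "$(openssl x509 -in "$cert" -noout -enddate)" \
    "$min_bits" "$max_days" "$verdict"
}

main() {
  make_ca
  make_leaf
  report "$WORK/ca.crt" 3072 3650     # long-lived CA: must be >= 3072 bits
  report "$WORK/leaf.crt" 2048 365    # leaf: must rotate within a year
  report "$WORK/leaf.crt" 3072 365    # FAIL: 2048-bit key under a 3072 policy
}

main "$@"
```

Run it directly to see the two OK lines and one FAIL line; point `check_policy` at an existing cluster certificate (for example a kubelet or apiserver PEM) to audit it against the same thresholds. The threshold of 3072 bits is used here because it is the common RSA size that satisfies "> 3000 bits"; a 4096-bit CA clears it with margin.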