What is the use of private key in client certificates. Why do we send client private key in our api call to kube-apiserver ???
" curl https://kube-apiserver:6443/api/v1/pods --key admin.key --cert admin.crt --cacert ca.crt "
In above command, why are we sending –key admin.key ?
I understand that at admin client side, we generated a public key and sent it in a CSR to CA. Then CA signed it using its private key i.e ca.key and returned us admin.crt.
Now, when authenticating with kube-apiserver, we need to send admin.crt. Kube-apiserver should already have ca.crt to decrypt admin.crt, and check signature to authenticate the admin user.
I do not understand why are we sending admin.key to kube-apiserver. Am I missing something in my understanding ?
Thank you in adavance for your help !