I launched my Kubernetes cluster with KOPS and I’m curious how certificates has been generated and managed by KOPS.
I don’t know if KOPS or Kubernetes can help to keep them from expired.
I went the KOPS state store bucket, and I found a lot of CA certificates which terrified me as it is not single CA.
❯ aws s3 ls $KOPS_STATE_STORE/$CLUSTER/pki/issued/ PRE apiserver-aggregator-ca/ PRE apiserver-aggregator/ PRE apiserver-proxy-client/ PRE ca/ PRE kops/ PRE kube-controller-manager/ PRE kube-proxy/ PRE kube-scheduler/ PRE kubecfg/ PRE kubelet-api/ PRE kubelet/ PRE master/
I wonder how people manage those certificates and keep them from expired in Production. What Cert Tool can help us to achieve this. Thanks