I’m learning kubernetes and got 2 questions:
Question 1. I have no idea of the ca-config.json file, how do these fields(like “signing”, “profiles”, “client”, “peer” .etc) come from ? I checked almost the whole google and openssl official website and yet found nothing about it, could anyone help me out here? thanks!
“signing”: {
“default”: {
“expiry”: “175200h”
},
“profiles”: {
“server”: {
“expiry”: “175200h”,
“usages”: [
“signing”,
“key encipherment”,
“server auth”
]
},
“client”: {
“expiry”: “175200h”,
“usages”: [
“signing”,
“key encipherment”,
“client auth”
]
Question 2: I noticed kuberneters role name can be used in the “CN” field of csr.json for certificate signing, as
“CN”: “k8s-kubelet”,
“hosts”: [
“127.0.0.1”,
“10.4.7.10”
“CN”: “system:kube-proxy”,
“key”: {
“algo”: “rsa”,
“size”: 2048
How comes k8s role’s name can be used in the “CN” field ? Could any one explain to me about it or share the offical document link to me, thanks a lot!