github/container.training
1
0
Fork 0
mirror of https://github.com/jpetazzo/container.training.git synced 2026-03-02 01:10:20 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'control-plane-auth' into wwrk-2019-06

Browse Source
This commit is contained in:
Jerome Petazzoni
2019-06-02 09:56:12 -05:00
parent 3b4cf44634 42ed6fc56a
commit 20c4f65d09
1 changed files with 11 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
slides/k8s/control-plane-auth.md
View File

@@ -40,9 +40,15 @@
- We will review the various communication channels in the control plane
- We will indicate how they are secured (client- and server-side)
- We will describe how they are secured
- For TLS
- When TLS certificates are used, we will indicate:
- which CA signs them
- what their subject (CN) should be, when applicable
- We will indicate how to configure security (client- and server-side)
---
@@ -146,7 +152,9 @@
(typically using the same CA as the API server)
- API server is started with flags `--kubelet-client-certificate` and `--kubelet-client-key`
- API server will use a dedicated key pair when contacting kubelet
(specified with `--kubelet-client-certificate` and `--kubelet-client-key`)
- Authorization uses webhooks