From ef6a5f05f8bca0300058d47df24caf2820feeb57 Mon Sep 17 00:00:00 2001 From: Carl Date: Tue, 11 Jun 2019 11:30:39 -0700 Subject: [PATCH] clarify language around CSRs three changes: CSRs don't have expiry dates "-nodes" just means "no encryption" it's not really specific to DES the cert comes from the controller not the CSR --- slides/k8s/csr-api.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/slides/k8s/csr-api.md b/slides/k8s/csr-api.md index 2ad1a836..f462caab 100644 --- a/slides/k8s/csr-api.md +++ b/slides/k8s/csr-api.md @@ -62,7 +62,7 @@ This is what I do if I want to obtain a certificate. 2. Create a Certificate Signing Request (CSR). - (The CSR contains the identity that I claim and an expiration date.) + (The CSR contains the identity that I claim and a public key.) 3. Send that CSR to the Certificate Authority (CA). @@ -345,7 +345,7 @@ The command above generates: kctx - ``` -- Retrieve the certificate from the CSR: +- Retrieve the certificate from the controller: ```bash kubectl get csr users:jean.doe \ -o jsonpath={.status.certificate} \