1. About K8s certificate
1.1 About cfssl tool
- cfss: The main tool for certificate issuance
- cfssl-json: Convert the certificate (json format) generated by cfssl into a file-bearing certificate
- cfssl-centinfo: Verification certificate information cfssl-certinfo -cert apiserver.pem
1.2 About kubeconfi files
- This is a profile for a K8s user
- It contains certificate information
- The certificate expires or is replaced, and the files to be replaced need to be synchronized
Convert key data into certificate prototype