
abundant-noon-17295

03/16/2023, 6:24 AM
does it make any sense to use private CA-signed certs for “internal” comms, i.e. kubelets <-> apiserver?

creamy-pencil-82913

03/16/2023, 6:32 AM
Kubernetes clusters, rke2 included, use multiple private CAs to secure communication within the cluster. They are created automatically when rke2 first starts.

abundant-noon-17295

03/16/2023, 6:47 AM
thanks. just had another look here: https://github.com/k3s-io/k3s/blob/master/contrib/util/generate-custom-ca-certs.sh, got how it works now.