Name		Name	Last commit message	Last commit date
parent directory ..
Aggregated API Server Certificates		Aggregated API Server Certificates
MachineConfig Operator Certificates		MachineConfig Operator Certificates
Proxy Certificates		Proxy Certificates
Service Serving Certificates		Service Serving Certificates
etcd Certificates		etcd Certificates
etcd Metrics Certificates		etcd Metrics Certificates
kube-apiserver Client Certificates		kube-apiserver Client Certificates
kube-apiserver Serving Certificates		kube-apiserver Serving Certificates
README.md		README.md

README.md

Certificates in this OpenShift Cluster

Aggregated API Server Certificates

Used to secure connections between the kube-apiserver and aggregated API Servers.

MachineConfig Operator Certificates

TODO need to work out who and what.

Proxy Certificates

Used by the OpenShift platform to recognize the proxy. Other usages are side-effects which work by accident and not by principled design.

Service Serving Certificates

Used to secure inter-service communication on the local cluster.

etcd Certificates

Used to secure etcd internal communication and by apiservers to access etcd.

etcd Metrics Certificates

Used to access etcd metrics using mTLS.

kube-apiserver Client Certificates

Used by the kube-apiserver to recognize clients using mTLS.

kube-apiserver Serving Certificates

Used by kube-apiserver clients to recognize the kube-apiserver.