Name	Name	Last commit message	Last commit date
parent directory ..
README.md	README.md
cert-flow.dot	cert-flow.dot
cert-flow.json	cert-flow.json
cert-flow.png	cert-flow.png
cert-flow.svg	cert-flow.svg
subca-1200332453.dot	subca-1200332453.dot
subca-1200332453.png	subca-1200332453.png
subca-1227797221.dot	subca-1227797221.dot
subca-1227797221.png	subca-1227797221.png
subca-1996114968.dot	subca-1996114968.dot
subca-1996114968.png	subca-1996114968.png
subca-2106850666.dot	subca-2106850666.dot
subca-2106850666.png	subca-2106850666.png
subca-243537112.dot	subca-243537112.dot
subca-243537112.png	subca-243537112.png
subca-2747639387.dot	subca-2747639387.dot
subca-2747639387.png	subca-2747639387.png
subca-3029819952.dot	subca-3029819952.dot
subca-3029819952.png	subca-3029819952.png
subca-3228260836.dot	subca-3228260836.dot
subca-3228260836.png	subca-3228260836.png
subca-3938274656.dot	subca-3938274656.dot
subca-3938274656.png	subca-3938274656.png
subcert-admin-kubeconfig-signer7222735057655048698.png	subcert-admin-kubeconfig-signer7222735057655048698.png
subcert-admin-kubeconfig-signer::7222735057655048698.dot	subcert-admin-kubeconfig-signer::7222735057655048698.dot
subcert-kube-apiserver-to-kubelet-signer4625455856882909939.png	subcert-kube-apiserver-to-kubelet-signer4625455856882909939.png
subcert-kube-apiserver-to-kubelet-signer::4625455856882909939.dot	subcert-kube-apiserver-to-kubelet-signer::4625455856882909939.dot
subcert-kube-control-plane-signer166872611610237721.png	subcert-kube-control-plane-signer166872611610237721.png
subcert-kube-control-plane-signer::166872611610237721.dot	subcert-kube-control-plane-signer::166872611610237721.dot
subcert-kube-csr-signer_1622133566597605536139228657.png	subcert-kube-csr-signer_1622133566597605536139228657.png
subcert-kube-csr-signer_@1622133566::597605536139228657.dot	subcert-kube-csr-signer_@1622133566::597605536139228657.dot
subcert-kubelet-bootstrap-kubeconfig-signer.dot	subcert-kubelet-bootstrap-kubeconfig-signer.dot
subcert-kubelet-bootstrap-kubeconfig-signer.png	subcert-kubelet-bootstrap-kubeconfig-signer.png
subcert-kubelet-signer188140830361177612.png	subcert-kubelet-signer188140830361177612.png
subcert-kubelet-signer::188140830361177612.dot	subcert-kubelet-signer::188140830361177612.dot
subcert-openshift-kube-apiserver-operator_node-system-admin-signer16221335676813199752010173373.png	subcert-openshift-kube-apiserver-operator_node-system-admin-signer16221335676813199752010173373.png
subcert-openshift-kube-apiserver-operator_node-system-admin-signer@1622133567::6813199752010173373.dot	subcert-openshift-kube-apiserver-operator_node-system-admin-signer@1622133567::6813199752010173373.dot
subcert-system:admin::8705727548059760835.dot	subcert-system:admin::8705727548059760835.dot
subcert-system:control-plane-node-admin::6179025970239051547.dot	subcert-system:control-plane-node-admin::6179025970239051547.dot
subcert-system:kube-apiserver::5314078629756554094.dot	subcert-system:kube-apiserver::5314078629756554094.dot
subcert-system:kube-controller-manager::6600108110361186331.dot	subcert-system:kube-controller-manager::6600108110361186331.dot
subcert-system:kube-scheduler::210021322621676919.dot	subcert-system:kube-scheduler::210021322621676919.dot
subcert-system:serviceaccount:openshift-kube-apiserver:check-endpoints::7616933575479319771.dot	subcert-system:serviceaccount:openshift-kube-apiserver:check-endpoints::7616933575479319771.dot
subcert-systemadmin8705727548059760835.png	subcert-systemadmin8705727548059760835.png
subcert-systemcontrol-plane-node-admin6179025970239051547.png	subcert-systemcontrol-plane-node-admin6179025970239051547.png
subcert-systemkube-apiserver5314078629756554094.png	subcert-systemkube-apiserver5314078629756554094.png
subcert-systemkube-controller-manager6600108110361186331.png	subcert-systemkube-controller-manager6600108110361186331.png
subcert-systemkube-scheduler210021322621676919.png	subcert-systemkube-scheduler210021322621676919.png
subcert-systemserviceaccountopenshift-kube-apiservercheck-endpoints7616933575479319771.png	subcert-systemserviceaccountopenshift-kube-apiservercheck-endpoints7616933575479319771.png

kube-apiserver Client Certificates

Used by the kube-apiserver to recognize clients using mTLS.

Signing Certificate/Key Pairs
Serving Certificate/Key Pairs
Client Certificate/Key Pairs
Certificates Without Keys
- kubelet-bootstrap-kubeconfig-signer
Certificate Authority Bundles

Signing Certificate/Key Pairs

admin-kubeconfig-signer

Property	Value
Type	Signer
CommonName	admin-kubeconfig-signer
SerialNumber	7222735057655048698
Issuer CommonName	admin-kubeconfig-signer
Validity	10y
Signature Algorithm	SHA256-RSA
PublicKey Algorithm	RSA 2048 bit
Usages	- KeyUsageDigitalSignature - KeyUsageKeyEncipherment - KeyUsageCertSign
ExtendedUsages

admin-kubeconfig-signer Locations

Namespace	Secret Name

File	Permissions	User	Group	SE Linux
/etc/kubernetes/kubelet-ca.crt/kubelet-ca.crt	-rw-r--r--.	root	root	system_u:object_r:kubernetes_file_t:s0

kube-apiserver-to-kubelet-signer

Signer for the kube-apiserver-to-kubelet-client so kubelets can recognize the kube-apiserver.

Property	Value
Type	Signer
CommonName	kube-apiserver-to-kubelet-signer
SerialNumber	4625455856882909939
Issuer CommonName	kube-apiserver-to-kubelet-signer
Validity	365d
Signature Algorithm	SHA256-RSA
PublicKey Algorithm	RSA 2048 bit
Usages	- KeyUsageDigitalSignature - KeyUsageKeyEncipherment - KeyUsageCertSign
ExtendedUsages

kube-apiserver-to-kubelet-signer Locations

Namespace	Secret Name
openshift-kube-apiserver-operator	kube-apiserver-to-kubelet-signer

File	Permissions	User	Group	SE Linux

kube-control-plane-signer

Signer for kube-controller-manager and kube-scheduler client certificates.

Property	Value
Type	Signer
CommonName	kube-control-plane-signer
SerialNumber	166872611610237721
Issuer CommonName	kube-control-plane-signer
Validity	365d
Signature Algorithm	SHA256-RSA
PublicKey Algorithm	RSA 2048 bit
Usages	- KeyUsageDigitalSignature - KeyUsageKeyEncipherment - KeyUsageCertSign
ExtendedUsages

kube-control-plane-signer Locations

Namespace	Secret Name
openshift-kube-apiserver-operator	kube-control-plane-signer

File	Permissions	User	Group	SE Linux

kube-controller-manager-csr-signer-signer

Signer used by the kube-controller-manager-operator to sign signing certificates for the CSR API.

Property	Value
Type	Signer
CommonName	kubelet-signer
SerialNumber	188140830361177612
Issuer CommonName	kube-controller-manager-csr-signer-signer
Validity	24h
Signature Algorithm	SHA256-RSA
PublicKey Algorithm	RSA 2048 bit
Usages	- KeyUsageDigitalSignature - KeyUsageKeyEncipherment - KeyUsageCertSign
ExtendedUsages

kube-controller-manager-csr-signer-signer Locations

Namespace	Secret Name
openshift-kube-controller-manager-operator	csr-signer-signer

File	Permissions	User	Group	SE Linux

kube-controller-manager-csr-signer

Signer used by the kube-controller-manager to sign CSR API requests.

Property	Value
Type	Signer
CommonName	kube-csr-signer_@1622133566
SerialNumber	597605536139228657
Issuer CommonName	kube-controller-manager-csr-signer-signer
Validity	23h
Signature Algorithm	SHA256-RSA
PublicKey Algorithm	RSA 2048 bit
Usages	- KeyUsageDigitalSignature - KeyUsageKeyEncipherment - KeyUsageCertSign
ExtendedUsages

kube-controller-manager-csr-signer Locations

Namespace	Secret Name
openshift-kube-controller-manager	csr-signer
openshift-kube-controller-manager-operator	csr-signer

File	Permissions	User	Group	SE Linux
/etc/kubernetes/static-pod-resources/kube-controller-manager-certs/secrets/csr-signer/tls.crt/tls.crt	-rw-------.	root	root	system_u:object_r:kubernetes_file_t:s0
/etc/kubernetes/static-pod-resources/kube-controller-manager-certs/secrets/csr-signer/tls.crt/tls.key	-rw-------.	root	root	system_u:object_r:kubernetes_file_t:s0

per-master-debugging-signer

Signer for the per-master-debugging-client.

Property	Value
Type	Signer
CommonName	openshift-kube-apiserver-operator_node-system-admin-signer@1622133567
SerialNumber	6813199752010173373
Issuer CommonName	per-master-debugging-signer
Validity	365d
Signature Algorithm	SHA256-RSA
PublicKey Algorithm	RSA 2048 bit
Usages	- KeyUsageDigitalSignature - KeyUsageKeyEncipherment - KeyUsageCertSign
ExtendedUsages

per-master-debugging-signer Locations

Namespace	Secret Name
openshift-kube-apiserver-operator	node-system-admin-signer

File	Permissions	User	Group	SE Linux

Serving Certificate/Key Pairs

Client Certificate/Key Pairs

per-master-debugging-client

Client certificate (system:masters) placed on each master to allow communication to kube-apiserver for debugging.

Property	Value
Type	Client
CommonName	system:admin
SerialNumber	8705727548059760835
Issuer CommonName	per-master-debugging-signer
Validity	120d
Signature Algorithm	SHA256-RSA
PublicKey Algorithm	RSA 2048 bit
Usages	- KeyUsageDigitalSignature - KeyUsageKeyEncipherment
ExtendedUsages	- ExtKeyUsageClientAuth
Organizations (User Groups)	- system:masters

per-master-debugging-client Locations

Namespace	Secret Name
openshift-kube-apiserver-operator	node-system-admin-client

File	Permissions	User	Group	SE Linux

system:control-plane-node-admin

Property	Value
Type	Client
CommonName	system:control-plane-node-admin
SerialNumber	6179025970239051547
Issuer CommonName	kube-control-plane-signer
Validity	30d
Signature Algorithm	SHA256-RSA
PublicKey Algorithm	RSA 2048 bit
Usages	- KeyUsageDigitalSignature - KeyUsageKeyEncipherment
ExtendedUsages	- ExtKeyUsageClientAuth
Organizations (User Groups)	- system:masters

system:control-plane-node-admin Locations

Namespace	Secret Name
openshift-kube-apiserver	control-plane-node-admin-client-cert-key

File	Permissions	User	Group	SE Linux
/etc/kubernetes/static-pod-resources/kube-apiserver-certs/secrets/control-plane-node-admin-client-cert-key/tls.crt/tls.crt	-rw-------.	root	root	system_u:object_r:kubernetes_file_t:s0
/etc/kubernetes/static-pod-resources/kube-apiserver-certs/secrets/control-plane-node-admin-client-cert-key/tls.crt/tls.key	-rw-------.	root	root	system_u:object_r:kubernetes_file_t:s0

kube-apiserver-to-kubelet-client

Client certificate used by the kube-apiserver to authenticate to the kubelet for requests like exec and logs.

Property	Value
Type	Client
CommonName	system:kube-apiserver
SerialNumber	5314078629756554094
Issuer CommonName	kube-apiserver-to-kubelet-signer
Validity	30d
Signature Algorithm	SHA256-RSA
PublicKey Algorithm	RSA 2048 bit
Usages	- KeyUsageDigitalSignature - KeyUsageKeyEncipherment
ExtendedUsages	- ExtKeyUsageClientAuth
Organizations (User Groups)	- kube-master

kube-apiserver-to-kubelet-client Locations

Namespace	Secret Name
openshift-kube-apiserver	kubelet-client
openshift-kube-apiserver	kubelet-client-2
openshift-kube-apiserver	kubelet-client-3
openshift-kube-apiserver	kubelet-client-4

File	Permissions	User	Group	SE Linux
/etc/kubernetes/static-pod-resources/kube-apiserver-pod-2/secrets/kubelet-client/tls.crt/tls.crt	-rw-------.	root	root	system_u:object_r:kubernetes_file_t:s0
/etc/kubernetes/static-pod-resources/kube-apiserver-pod-2/secrets/kubelet-client/tls.crt/tls.key	-rw-------.	root	root	system_u:object_r:kubernetes_file_t:s0
/etc/kubernetes/static-pod-resources/kube-apiserver-pod-3/secrets/kubelet-client/tls.crt/tls.crt	-rw-------.	root	root	system_u:object_r:kubernetes_file_t:s0
/etc/kubernetes/static-pod-resources/kube-apiserver-pod-3/secrets/kubelet-client/tls.crt/tls.key	-rw-------.	root	root	system_u:object_r:kubernetes_file_t:s0
/etc/kubernetes/static-pod-resources/kube-apiserver-pod-4/secrets/kubelet-client/tls.crt/tls.crt	-rw-------.	root	root	system_u:object_r:kubernetes_file_t:s0
/etc/kubernetes/static-pod-resources/kube-apiserver-pod-4/secrets/kubelet-client/tls.crt/tls.key	-rw-------.	root	root	system_u:object_r:kubernetes_file_t:s0

kube-controller-manager-client

Client certificate used by the kube-controller-manager to authenticate to the kube-apiserver.

Property	Value
Type	Client
CommonName	system:kube-controller-manager
SerialNumber	6600108110361186331
Issuer CommonName	kube-control-plane-signer
Validity	30d
Signature Algorithm	SHA256-RSA
PublicKey Algorithm	RSA 2048 bit
Usages	- KeyUsageDigitalSignature - KeyUsageKeyEncipherment
ExtendedUsages	- ExtKeyUsageClientAuth
Organizations (User Groups)

kube-controller-manager-client Locations

Namespace	Secret Name
openshift-config-managed	kube-controller-manager-client-cert-key
openshift-kube-controller-manager	kube-controller-manager-client-cert-key

File	Permissions	User	Group	SE Linux
/etc/kubernetes/static-pod-resources/kube-controller-manager-certs/secrets/kube-controller-manager-client-cert-key/tls.crt/tls.crt	-rw-------.	root	root	system_u:object_r:kubernetes_file_t:s0
/etc/kubernetes/static-pod-resources/kube-controller-manager-certs/secrets/kube-controller-manager-client-cert-key/tls.crt/tls.key	-rw-------.	root	root	system_u:object_r:kubernetes_file_t:s0

kube-scheduler-client

Client certificate used by the kube-scheduler to authenticate to the kube-apiserver.

Property	Value
Type	Client
CommonName	system:kube-scheduler
SerialNumber	210021322621676919
Issuer CommonName	kube-control-plane-signer
Validity	30d
Signature Algorithm	SHA256-RSA
PublicKey Algorithm	RSA 2048 bit
Usages	- KeyUsageDigitalSignature - KeyUsageKeyEncipherment
ExtendedUsages	- ExtKeyUsageClientAuth
Organizations (User Groups)

kube-scheduler-client Locations

Namespace	Secret Name
openshift-config-managed	kube-scheduler-client-cert-key
openshift-kube-scheduler	kube-scheduler-client-cert-key

File	Permissions	User	Group	SE Linux
/etc/kubernetes/static-pod-resources/kube-scheduler-certs/secrets/kube-scheduler-client-cert-key/tls.crt/tls.crt	-rw-------.	root	root	system_u:object_r:kubernetes_file_t:s0
/etc/kubernetes/static-pod-resources/kube-scheduler-certs/secrets/kube-scheduler-client-cert-key/tls.crt/tls.key	-rw-------.	root	root	system_u:object_r:kubernetes_file_t:s0

kube-apiserver-check-endpoints

Client certificate used by the network connectivity checker of the kube-apiserver.

Property	Value
Type	Client
CommonName	system:serviceaccount:openshift-kube-apiserver:check-endpoints
SerialNumber	7616933575479319771
Issuer CommonName	kube-control-plane-signer
Validity	30d
Signature Algorithm	SHA256-RSA
PublicKey Algorithm	RSA 2048 bit
Usages	- KeyUsageDigitalSignature - KeyUsageKeyEncipherment
ExtendedUsages	- ExtKeyUsageClientAuth
Organizations (User Groups)

kube-apiserver-check-endpoints Locations

Namespace	Secret Name
openshift-kube-apiserver	check-endpoints-client-cert-key

File	Permissions	User	Group	SE Linux
/etc/kubernetes/static-pod-resources/kube-apiserver-certs/secrets/check-endpoints-client-cert-key/tls.crt/tls.crt	-rw-------.	root	root	system_u:object_r:kubernetes_file_t:s0
/etc/kubernetes/static-pod-resources/kube-apiserver-certs/secrets/check-endpoints-client-cert-key/tls.crt/tls.key	-rw-------.	root	root	system_u:object_r:kubernetes_file_t:s0

Certificates Without Keys

These certificates are present in certificate authority bundles, but do not have keys in the cluster. This happens when the installer bootstrap clusters with a set of certificate/key pairs that are deleted during the installation process.

kubelet-bootstrap-kubeconfig-signer

Property	Value
Type
CommonName	kubelet-bootstrap-kubeconfig-signer
SerialNumber
Issuer CommonName	None
Validity
Signature Algorithm
PublicKey Algorithm
Usages
ExtendedUsages

kubelet-bootstrap-kubeconfig-signer Locations

Namespace	Secret Name

File	Permissions	User	Group	SE Linux

Certificate Authority Bundles

kube-apiserver-admin-kubeconfig-client-ca

CA for kube-apiserver to recognize the system:master created by the installer.

Bundled Certificates

CommonName	Issuer CommonName	Validity	PublicKey Algorithm
admin-kubeconfig-signer	admin-kubeconfig-signer	10y	RSA 2048 bit

kube-apiserver-admin-kubeconfig-client-ca Locations

Namespace	ConfigMap Name
openshift-config	admin-kubeconfig-client-ca

File	Permissions	User	Group	SE Linux

kube-apiserver-total-client-ca

CA for kube-apiserver to recognize all known certificate based clients.

Bundled Certificates

CommonName	Issuer CommonName	Validity	PublicKey Algorithm
admin-kubeconfig-signer	admin-kubeconfig-signer	10y	RSA 2048 bit
kube-controller-manager-csr-signer	kube-controller-manager-csr-signer-signer	23h	RSA 2048 bit
kube-controller-manager-csr-signer-signer	kube-controller-manager-csr-signer-signer	24h	RSA 2048 bit
kube-apiserver-to-kubelet-signer	kube-apiserver-to-kubelet-signer	365d	RSA 2048 bit
kube-control-plane-signer	kube-control-plane-signer	365d	RSA 2048 bit
kubelet-bootstrap-kubeconfig-signer	kubelet-bootstrap-kubeconfig-signer	10y	RSA 2048 bit
per-master-debugging-signer	per-master-debugging-signer	365d	RSA 2048 bit

kube-apiserver-total-client-ca Locations

Namespace	ConfigMap Name
openshift-config-managed	kube-apiserver-client-ca
openshift-controller-manager	client-ca
openshift-kube-apiserver	client-ca
openshift-kube-controller-manager	client-ca

File	Permissions	User	Group	SE Linux
/etc/kubernetes/static-pod-resources/kube-apiserver-certs/configmaps/client-ca/ca-bundle.crt/ca-bundle.crt	-rw-r--r--.	root	root	system_u:object_r:kubernetes_file_t:s0
/etc/kubernetes/static-pod-resources/kube-controller-manager-certs/configmaps/client-ca/ca-bundle.crt/ca-bundle.crt	-rw-r--r--.	root	root	system_u:object_r:kubernetes_file_t:s0

kube-apiserver-from-installer-client-ca

CA for the kube-apiserver to recognize clients created by the installer.

Bundled Certificates

CommonName	Issuer CommonName	Validity	PublicKey Algorithm
admin-kubeconfig-signer	admin-kubeconfig-signer	10y	RSA 2048 bit
kube-controller-manager-csr-signer-signer	kube-controller-manager-csr-signer-signer	24h	RSA 2048 bit
kube-control-plane-signer	kube-control-plane-signer	365d	RSA 2048 bit
kube-apiserver-to-kubelet-signer	kube-apiserver-to-kubelet-signer	365d	RSA 2048 bit
kubelet-bootstrap-kubeconfig-signer	kubelet-bootstrap-kubeconfig-signer	10y	RSA 2048 bit

kube-apiserver-from-installer-client-ca Locations

Namespace	ConfigMap Name
openshift-config	initial-kube-apiserver-server-ca

File	Permissions	User	Group	SE Linux

kubelet-to-recognize-kube-apiserver-client-ca

CA for the kubelet to recognize the kube-apiserver client certificate.

Bundled Certificates

CommonName	Issuer CommonName	Validity	PublicKey Algorithm
kube-apiserver-to-kubelet-signer	kube-apiserver-to-kubelet-signer	365d	RSA 2048 bit

kubelet-to-recognize-kube-apiserver-client-ca Locations

Namespace	ConfigMap Name
openshift-kube-apiserver-operator	kube-apiserver-to-kubelet-client-ca

File	Permissions	User	Group	SE Linux

kube-apiserver-kcm-and-ks-client-ca

CA for kube-apiserver to recognize the kube-controller-manager and kube-scheduler client certificates.

Bundled Certificates

CommonName	Issuer CommonName	Validity	PublicKey Algorithm
kube-control-plane-signer	kube-control-plane-signer	365d	RSA 2048 bit

kube-apiserver-kcm-and-ks-client-ca Locations

Namespace	ConfigMap Name
openshift-kube-apiserver-operator	kube-control-plane-signer-ca

File	Permissions	User	Group	SE Linux

kube-controller-manager-csr-ca

CA to recognize the CSRs (both serving and client) signed by the kube-controller-manager.

Bundled Certificates

CommonName	Issuer CommonName	Validity	PublicKey Algorithm
kube-controller-manager-csr-signer	kube-controller-manager-csr-signer-signer	23h	RSA 2048 bit
kube-controller-manager-csr-signer-signer	kube-controller-manager-csr-signer-signer	24h	RSA 2048 bit

kube-controller-manager-csr-ca Locations

Namespace	ConfigMap Name
openshift-config-managed	csr-controller-ca
openshift-config-managed	kubelet-serving-ca
openshift-kube-apiserver	kubelet-serving-ca
openshift-kube-apiserver	kubelet-serving-ca-2
openshift-kube-apiserver	kubelet-serving-ca-3
openshift-kube-apiserver	kubelet-serving-ca-4
openshift-kube-controller-manager-operator	csr-controller-ca
openshift-kube-controller-manager-operator	csr-signer-ca
openshift-monitoring	kubelet-serving-ca-bundle

File	Permissions	User	Group	SE Linux
/etc/kubernetes/static-pod-resources/kube-apiserver-pod-2/configmaps/kubelet-serving-ca/ca-bundle.crt/ca-bundle.crt	-rw-r--r--.	root	root	system_u:object_r:kubernetes_file_t:s0
/etc/kubernetes/static-pod-resources/kube-apiserver-pod-3/configmaps/kubelet-serving-ca/ca-bundle.crt/ca-bundle.crt	-rw-r--r--.	root	root	system_u:object_r:kubernetes_file_t:s0
/etc/kubernetes/static-pod-resources/kube-apiserver-pod-4/configmaps/kubelet-serving-ca/ca-bundle.crt/ca-bundle.crt	-rw-r--r--.	root	root	system_u:object_r:kubernetes_file_t:s0

kubelet-bootstrap-kubeconfig-signer

Bundled Certificates

CommonName	Issuer CommonName	Validity	PublicKey Algorithm
kubelet-bootstrap-kubeconfig-signer	kubelet-bootstrap-kubeconfig-signer	10y	RSA 2048 bit

kubelet-bootstrap-kubeconfig-signer Locations

Namespace	ConfigMap Name
openshift-config-managed	kubelet-bootstrap-kubeconfig

File	Permissions	User	Group	SE Linux

kube-controller-manager-csr-signer-signer-ca

CA to recognize the kube-controller-manager's signer for signing new CSR signing certificates.

Bundled Certificates

CommonName	Issuer CommonName	Validity	PublicKey Algorithm
kube-controller-manager-csr-signer-signer	kube-controller-manager-csr-signer-signer	24h	RSA 2048 bit

kube-controller-manager-csr-signer-signer-ca Locations

Namespace	ConfigMap Name
openshift-kube-controller-manager-operator	csr-controller-signer-ca

File	Permissions	User	Group	SE Linux

kube-apiserver-per-master-debugging-client-ca

CA for kube-apiserver to recognize local system:masters rendered to each master.

Bundled Certificates

CommonName	Issuer CommonName	Validity	PublicKey Algorithm
per-master-debugging-signer	per-master-debugging-signer	365d	RSA 2048 bit

kube-apiserver-per-master-debugging-client-ca Locations

Namespace	ConfigMap Name
openshift-kube-apiserver-operator	node-system-admin-ca

File	Permissions	User	Group	SE Linux

Files

kube-apiserver Client Certificates

Directory actions

More options

Directory actions

More options

Latest commit

History

kube-apiserver Client Certificates

Folders and files

parent directory

README.md

kube-apiserver Client Certificates

Signing Certificate/Key Pairs

admin-kubeconfig-signer

admin-kubeconfig-signer Locations

kube-apiserver-to-kubelet-signer

kube-apiserver-to-kubelet-signer Locations

kube-control-plane-signer

kube-control-plane-signer Locations

kube-controller-manager-csr-signer-signer

kube-controller-manager-csr-signer-signer Locations

kube-controller-manager-csr-signer

kube-controller-manager-csr-signer Locations

per-master-debugging-signer

per-master-debugging-signer Locations

Serving Certificate/Key Pairs

Client Certificate/Key Pairs

per-master-debugging-client

per-master-debugging-client Locations

system:control-plane-node-admin

system:control-plane-node-admin Locations

kube-apiserver-to-kubelet-client

kube-apiserver-to-kubelet-client Locations

kube-controller-manager-client

kube-controller-manager-client Locations

kube-scheduler-client

kube-scheduler-client Locations

kube-apiserver-check-endpoints

kube-apiserver-check-endpoints Locations

Certificates Without Keys

kubelet-bootstrap-kubeconfig-signer

kubelet-bootstrap-kubeconfig-signer Locations

Certificate Authority Bundles

kube-apiserver-admin-kubeconfig-client-ca

kube-apiserver-admin-kubeconfig-client-ca Locations

kube-apiserver-total-client-ca

kube-apiserver-total-client-ca Locations

kube-apiserver-from-installer-client-ca

kube-apiserver-from-installer-client-ca Locations

kubelet-to-recognize-kube-apiserver-client-ca

kubelet-to-recognize-kube-apiserver-client-ca Locations

kube-apiserver-kcm-and-ks-client-ca

kube-apiserver-kcm-and-ks-client-ca Locations

kube-controller-manager-csr-ca

kube-controller-manager-csr-ca Locations

kubelet-bootstrap-kubeconfig-signer

kubelet-bootstrap-kubeconfig-signer Locations

kube-controller-manager-csr-signer-signer-ca

kube-controller-manager-csr-signer-signer-ca Locations

kube-apiserver-per-master-debugging-client-ca

kube-apiserver-per-master-debugging-client-ca Locations