mirror of https://github.com/kubernetes/kops.git
# Using a custom certificate authority

## Background Info

When deploying a `kops`-based Kubernetes cluster, `kops` generates a Certificate Authority keypair for signing various certificates. In some cases, you may want to provide your own CA keypair.

### Building a cluster with a custom CA

The following procedure lets you override the CA when creating a cluster. For this example, assume you have two files, `ca.crt` and `ca.key`.

> `cluster-name.com` should be the cluster name you put in `cluster.yaml`.

```bash
kops create -f cluster.yaml
kops create keypair kubernetes-ca --primary --cert ca.crt --key ca.key --name cluster-name.com
kops update cluster --yes
```

1. First, we create the cluster folder structure in the state store.
2. Second, we create a keypair with the name `kubernetes-ca` and provide our own values.
3. Last, we run `kops update cluster --yes`, which generates all the certificates needed, referencing the `kubernetes-ca` keypair we just defined (instead of generating its own).
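
Before running the import in step 2, it helps to confirm that `ca.crt` really is a CA certificate and that `ca.key` is its private key. The pre-flight check below is an added example, not part of the kops documentation; the function name `check_ca_keypair` and the 30-day validity margin are assumptions, and it uses only the `openssl` CLI on PEM files with an unencrypted key.

```bash
#!/bin/sh
# Added example: sanity-check a CA keypair before `kops create keypair kubernetes-ca`.
# Assumption: PEM-encoded files and an unencrypted private key (the page's ca.crt / ca.key).

# check_ca_keypair CERT KEY [MIN_DAYS]
# Returns 0 when every check passes; otherwise prints the reason to stderr and returns 1.
check_ca_keypair() {
    cert=$1 key=$2 min_days=${3:-30}

    # 1. The certificate must parse as X.509.
    openssl x509 -in "$cert" -noout 2>/dev/null ||
        { echo "FAIL: $cert is not a readable PEM certificate" >&2; return 1; }

    # 2. It must be a CA certificate (basicConstraints CA:TRUE), not a leaf.
    openssl x509 -in "$cert" -noout -text 2>/dev/null | grep -q 'CA:TRUE' ||
        { echo "FAIL: $cert lacks basicConstraints CA:TRUE" >&2; return 1; }

    # 3. It must remain valid for at least MIN_DAYS more days.
    openssl x509 -in "$cert" -noout -checkend $((min_days * 86400)) >/dev/null 2>&1 ||
        { echo "FAIL: $cert expires within $min_days days" >&2; return 1; }

    # 4. The private key must belong to the certificate: compare the public keys.
    #    `-passin pass:` makes an encrypted key fail instead of prompting.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$key" -pubout -passin pass: 2>/dev/null) ||
        { echo "FAIL: $key is not a readable unencrypted private key" >&2; return 1; }
    [ "$cert_pub" = "$key_pub" ] ||
        { echo "FAIL: $key does not match the public key in $cert" >&2; return 1; }

    echo "OK: $cert is a CA certificate and $key matches it"
}

# Run as a script:  sh check-ca.sh ca.crt ca.key
if [ "$#" -eq 2 ]; then
    check_ca_keypair "$1" "$2"
fi
```

A non-zero exit means the keypair should not be handed to `kops create keypair` until the reported problem is resolved.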