starlingx/docs
Code Issues Proposed changes

Install Custom Kubernetes Root CA Certificate

Browse Source 
Story: 2011399
Task: 52686

Change-Id: I6eea2ae16a20b59c448cab98cc2e4c1309265d82
Signed-off-by: Ngairangbam Mili <ngairangbam.mili@windriver.com>
This commit is contained in:
Ngairangbam Mili
2025-08-21 08:54:37 +00:00
parent aa48208729
commit 6fe7ee5aa7
1 changed files with 11 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
doc/source/security/kubernetes/kubernetes-root-ca-certificate.rst
View File

@@ -6,6 +6,15 @@
Install Custom Kubernetes Root CA Certificate Install Custom Kubernetes Root CA Certificate
============================================= =============================================
.. note::
The overrides ``k8s_root_ca_cert``, ``k8s_root_ca_key`` and,
``apiserver_cert_sans`` are planned to be be discontinued in future releases.
External connections to kube-apiserver go through a proxy which uses the
REST API/GUI certificate, issued by the Platform Issuer (system-local-ca).
For instructions on how to configure the Platform Issuer, see `https://docs.starlingx.io/deploy_install_guides/release/ansible_bootstrap_configs.html#platform-issuer-system-local-ca <https://docs.starlingx.io/deploy_install_guides/release/ansible_bootstrap_configs.html#platform-issuer-system-local-ca>`__.
By default, the K8S Root |CA| certificate and key are auto-generated and result By default, the K8S Root |CA| certificate and key are auto-generated and result
in the other Kubernetes certificates being signed by an internal not well-known in the other Kubernetes certificates being signed by an internal not well-known
|CA|; for example, for the Kubernetes API server certificate. |CA|; for example, for the Kubernetes API server certificate.