Custom Kubernetes certificates


I have set up a Kubernetes cluster using Rancher. Now I want to expose my Kubernetes API on a public IP and connect to it using a client certificate.

Now I face the following problems:

To create a client certificate, I need the CA key. However, in the /etc/kubernetes/ssl directory in the kubernetes container, I only find the CA certificate (and the server key and certificate). So my question is, where do I find the CA key?

Furthermore, the current server certificate is not valid for my external IP/DNS, only for the internal IPs. So I probably have to create a custom certificate anyway.

According to the documentation I can use my own certificates in Rancher, but my question is whether they will be used by Kubernetes as well?

Finally, how do I change these certificates without reinstalling my current cluster?

Thanking you in advance,

Did you ever get this answered? I’m having the same issue.