I have set up a Kubernetes cluster using Rancher. Now I want to expose my Kubernetes API on a public IP and connect to it using a client certificate.
Now I face the following problems:
To create a client certificate, I need the CA key. However, in the /etc/kubernetes/ssl directory in the kubernetes container, I only find the CA certificate (and the server key and certificate). So my question is, where do I find the CA key?
Furthermore, the current server certificate is not valid for my external IP/DNS, only for the internal IPs. So I probably have to create a custom certificate anyway.
According to the documentation I can use my own certificates in Rancher, but my question is whether they will be used by Kubernetes as well?
Finally, how do I change these certificates without reinstalling my current cluster?
Thanking you in advance,