When running the kubeadm init command, by default the required certificates are generated under the /etc/kubernetes/pki location.
Is there any option to run the kubeadm init command so that it skips generating certificates?
You can use the --skip-phases option to skip phases:
--skip-phases stringSlice    List of phases to be skipped
To skip the certificate generation: kubeadm init --skip-phases certs
This implies generating the certificates on your own. You cannot use Kubernetes without a Certificate Authority (CA). Take a look at Manage TLS Certificates in a Cluster:
Every Kubernetes cluster has a cluster root Certificate Authority (CA). The CA is generally used by cluster components to validate the API server’s certificate, by the API server to validate kubelet client certificates, etc. To support this, the CA certificate bundle is distributed to every node in the cluster and is distributed as a secret attached to default service accounts.
And also PKI Certificates and Requirements:
Kubernetes requires PKI certificates for authentication over TLS. If you install Kubernetes with kubeadm, the certificates that your cluster requires are automatically generated. You can also generate your own certificates – for example, to keep your private keys more secure by not storing them on the API server.
Kubernetes needs certificates. So it is only a choice about who will manage them (kubeadm or you).
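A preflight check for the case where you manage the certificates yourself, added here as an example and not part of the original answer. It assumes the default kubeadm file layout with a local (stacked) etcd under /etc/kubernetes/pki; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: verify a self-managed PKI directory before running
#   kubeadm init --skip-phases certs
# Assumption: default kubeadm layout with local (stacked) etcd.

PKI_FILES="ca.crt ca.key apiserver.crt apiserver.key
apiserver-kubelet-client.crt apiserver-kubelet-client.key
front-proxy-ca.crt front-proxy-ca.key
front-proxy-client.crt front-proxy-client.key
apiserver-etcd-client.crt apiserver-etcd-client.key
etcd/ca.crt etcd/ca.key etcd/server.crt etcd/server.key
etcd/peer.crt etcd/peer.key
etcd/healthcheck-client.crt etcd/healthcheck-client.key
sa.key sa.pub"

# Print every expected file that is absent or empty under directory $1.
missing_pki_files() {
    for f in $PKI_FILES; do
        [ -s "$1/$f" ] || printf '%s\n' "$f"
    done
}

# Print private keys that group or other can read or write.
exposed_private_keys() {
    find "$1" -type f -name '*.key' \
        \( -perm -040 -o -perm -020 -o -perm -004 -o -perm -002 \) -print
}

# Return 0 only when all files are present and all keys are owner-only.
pki_preflight() {
    dir=${1:-/etc/kubernetes/pki}
    missing=$(missing_pki_files "$dir")
    exposed=$(exposed_private_keys "$dir")
    [ -z "$missing" ] || printf 'missing: %s\n' $missing >&2
    [ -z "$exposed" ] || printf 'exposed key: %s\n' $exposed >&2
    [ -z "$missing" ] && [ -z "$exposed" ]
}

# Usage: pki_preflight && kubeadm init --skip-phases certs
```

The check covers presence and key permissions only; it does not validate that each certificate chains to the right CA or carries the expected subject and SANs.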