Is it safe to sign the metrics-server certificate and key with the Cluster CA?

8/8/2019

I'm trying to install metrics-server and I'm not sure what to do with the --tls-cert-file and --tls-private-key-file.

https://github.com/kubernetes-incubator/metrics-server

Can I use a certificate and key that are signed by the Cluster CA? Or is this bad or unsafe for production?

-- markhops
kubernetes
pki

1 Answer

8/9/2019

It says in the referenced docs,

--tls-cert-file, --tls-private-key-file: the serving certificate and key files. If not specified, self-signed certificates will be generated, but it's recommended that you use non-self-signed certificates in production.

As a general rule, providing certs of your own CA would be the safest option.

-- AYA
Source: StackOverflow
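
Added example (not part of the original question or answer, and not code from the metrics-server project): one way to issue a CA-signed serving certificate for the two flags discussed above, restricted to server authentication so it cannot be reused as a client identity. The throwaway CA, the output directory, and the Service name and namespace (metrics-server in kube-system) are assumptions; substitute your own CA and names.

```shell
#!/bin/sh
# Added example: issue a serving cert for --tls-cert-file / --tls-private-key-file.
# Assumptions: Service "metrics-server" in namespace "kube-system"; the CA
# generated in step 1 is a constructed stand-in for your own CA.
set -eu

SVC="${SVC:-metrics-server}"
NS="${NS:-kube-system}"

issue_serving_cert() {
  out="$1"
  mkdir -p "$out"
  # 1. Stand-in CA (demo only). In production, sign with your existing CA instead.
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=demo-ca" \
    -keyout "$out/ca.key" -out "$out/ca.crt" 2>/dev/null
  # 2. Private key and CSR for the metrics-server Service.
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$SVC.$NS.svc" \
    -keyout "$out/tls.key" -out "$out/tls.csr" 2>/dev/null
  # 3. Extensions: not a CA, serverAuth only, SANs for the in-cluster DNS names.
  cat > "$out/ext.cnf" <<EOF
basicConstraints = critical, CA:FALSE
keyUsage = critical, digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = DNS:$SVC, DNS:$SVC.$NS, DNS:$SVC.$NS.svc, DNS:$SVC.$NS.svc.cluster.local
EOF
  # 4. Sign the CSR with the CA, applying the extensions above.
  openssl x509 -req -in "$out/tls.csr" -CA "$out/ca.crt" -CAkey "$out/ca.key" \
    -CAcreateserial -days 30 -sha256 -extfile "$out/ext.cnf" \
    -out "$out/tls.crt" 2>/dev/null
  chmod 600 "$out/tls.key" "$out/ca.key"
}

# Succeeds only if the cert chains to the CA for TLS-server use and
# carries no client-authentication EKU.
cert_is_server_only() {
  openssl verify -purpose sslserver -CAfile "$1/ca.crt" "$1/tls.crt" \
    >/dev/null 2>&1 || return 1
  ! openssl x509 -in "$1/tls.crt" -noout -text \
    | grep -q "TLS Web Client Authentication"
}

# Succeeds if the cert lists the given DNS name as a subjectAltName.
cert_has_san() {
  openssl x509 -in "$1/tls.crt" -noout -text | grep -q "DNS:$2"
}

# Usage: issue_serving_cert ./metrics-pki && cert_is_server_only ./metrics-pki
```

Mount tls.crt and tls.key into the pod and point --tls-cert-file and --tls-private-key-file at them. For the API aggregator to actually verify this certificate, the metrics APIService needs its caBundle set to the signing CA rather than insecureSkipTLSVerify: true.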