I'm trying to install metrics-server and I'm not sure what to do with the --tls-cert-file
and --tls-private-key-file
.
https://github.com/kubernetes-incubator/metrics-server
Can I use a certificate and key that is signed by the Cluster CA? Or is this bad unsafe for production?
It says in the referenced docs,
--tls-cert-file, --tls-private-key-file: the serving certificate and key files. If not specified, self-signed certificates will be generated, but it's recommended that you use non-self-signed certificates in production.
As a general rule, providing certs of your own CA would be the safest option.