I'm new to Kubernetes and diving into etcd. I'm curious about a couple of things: 1) Do most organizations use kubeadm for their production Kubernetes setups, or is there a preference for systemd services? 2) When it comes to certificate management for etcd, which includes client, peer, and server certificates, do companies handle certificate rotations manually, or do they use some external service to automate it? Thank you for any insights!
5 Answers
In my experience, many prefer kubeadm. For certificate management, they typically automate it with tools like cert-manager instead of doing it manually.
Kubeadm handles certificates well, especially if you set up an intermediate CA. It usually auto-renews the certs each time Kubernetes gets upgraded, which tends to be a few times a year.
I bootstrap our on-prem cluster with kubeadm, following the official Kubernetes guidelines. When people mention 'systemd services', they usually refer to unit files that manage services like kubelet. For high-availability clusters, Kubernetes can auto-manage certs during upgrades. There’s a command for rotating all internal certs, but I can’t recall it right now.
A lot of businesses opt for managed Kubernetes services to take care of the control plane for them. It really simplifies operations.
Most companies prefer using kubeadm or tools like OpenShift which can manage the control plane smoothly. Plus, they often handle cert management automatically, especially during upgrades.
Related Questions
How To Get Your Domain Unblocked From Facebook
How To Find A String In a Directory of Files Using Linux