azure kubernetes client-certificates azure-container-service

Where can I find the private key for my ca.crt file?


I set up a Kubernetes cluster on Azure with the azure-container-service CLI (az acs create). The cluster is up and running and it seems to work fine. Now I want to sign client certificates with my Kubernetes CA, which was created on installation. In my understanding I need the CA certificate (which is handed over to the Kubernetes API server with --client-ca-file=) and the private key from this CA file to sign a new client certificate. The problem is I can't find the private key for my CA file.

Where can I find the private key?

Can I sign client certs for my developer without this private key?

Is the setup process of azure-container-service broken when the private key is lost?


Solution

  • Are these the ones that you are looking for?

    azureuser@k8s-master-9XXXXX-0:~$ ls -la /etc/kubernetes/certs/
    total 28
    drwxr-xr-x 2 root root 4096 Mar 14 20:59 .
    drwxr-xr-x 5 root root 4096 Mar 14 20:59 ..
    -rw-r--r-- 1 root root 1600 Mar 14 20:58 apiserver.crt
    -rw-r--r-- 1 root root 2048 Mar 14 20:59 apiserver.key
    -rw-r--r-- 1 root root 1182 Mar 14 20:58 ca.crt
    -rw-r--r-- 1 root root 1202 Mar 14 20:58 client.crt
    -rw-r--r-- 1 root root 2048 Mar 14 20:59 client.key
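
An added example, not part of the original question or answer: one way to tell which `.key` file in a directory like the one listed above belongs to a given `.crt` is to compare public keys with `openssl`, and the signing step shows where the CA private key is required. The function names, certificate subjects and temp directory are constructed for illustration.

```shell
#!/bin/sh
# Added example. All files are constructed in a temp directory; nothing
# here touches a real cluster's /etc/kubernetes/certs.

# key_matches_cert CERT KEY: exit 0 if KEY is the private key behind CERT,
# 1 if it is not, 2 if either file cannot be parsed.
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# find_key_for_cert CERT DIR: print the *.key file in DIR that belongs to
# CERT; exit 1 when no key in DIR matches.
find_key_for_cert() {
    for k in "$2"/*.key; do
        [ -f "$k" ] || continue
        if key_matches_cert "$1" "$k"; then echo "$k"; return 0; fi
    done
    return 1
}

# make_demo_certs DIR: build a constructed CA plus one client certificate
# signed by it. The signing step (openssl x509 -req) requires -CAkey.
make_demo_certs() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=constructed-demo-ca" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null &&
    openssl req -new -newkey rsa:2048 -nodes \
        -subj "/CN=constructed-developer" \
        -keyout "$1/client.key" -out "$1/client.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/client.csr" -days 1 -set_serial 1 \
        -CA "$1/ca.crt" -CAkey "$1/ca.key" -out "$1/client.crt" 2>/dev/null
}

demo_dir=$(mktemp -d)
make_demo_certs "$demo_dir"
echo "key for client.crt: $(find_key_for_cert "$demo_dir/client.crt" "$demo_dir")"
echo "key for ca.crt:     $(find_key_for_cert "$demo_dir/ca.crt" "$demo_dir")"
# Same layout as the listing in the answer: ca.crt present, ca.key absent.
rm -f "$demo_dir/ca.key"
find_key_for_cert "$demo_dir/ca.crt" "$demo_dir" ||
    echo "no private key for ca.crt in $demo_dir"
rm -rf "$demo_dir"
```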