I am new to these certificates. As far as I understood, the client sends client.crt to the server and the server sends server.crt to the client for authentication. So my question is: why are we sending server.key and ca.crt to the etcd server?
Thank you for clearing why we need to send ca.crt.
If only server.crt is being sent to the etcd server, then why did we mention --key /etc/kubernetes/pki/etcd/server.key? What is the use of this? What is the server.key used for?
For ease, both etcdctl and etcd server have the same copy of all three files.
For better security, etcdctl could have different .crt and .key files, but those would have to be issued by the same CA, and therefore both ends would have the same copy of ca.crt.
Certificate authority certificates are public knowledge, and your own computer contains many of them for the well-known certificate authorities like GlobalSign, etc.
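
The CA relationship described in the answer above, as an added example that is not part of the original thread: it builds a throwaway CA with separate server and client key pairs, then checks that both certificates chain to the same ca.crt and, going slightly beyond the answer, that a private key is only used locally to sign a challenge that the peer verifies against the certificate. It assumes the `openssl` CLI is installed; all names (`demo-etcd-ca`, `demo-server`, `demo-client`) and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: builds a throwaway PKI (constructed names, not the cluster's real files).
set -eu

make_pki() {  # $1 = empty working directory
  local dir="$1" name
  # One CA. ca.crt is the public trust anchor that both ends hold a copy of.
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=demo-etcd-ca" \
    -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null
  # Separate key pairs for the etcd server and for etcdctl, both signed by that CA.
  for name in server client; do
    openssl req -newkey rsa:2048 -nodes -subj "/CN=demo-$name" \
      -keyout "$dir/$name.key" -out "$dir/$name.csr" 2>/dev/null
    openssl x509 -req -in "$dir/$name.csr" -CA "$dir/ca.crt" -CAkey "$dir/ca.key" \
      -CAcreateserial -days 1 -out "$dir/$name.crt" 2>/dev/null
  done
}

# Does certificate $2 chain to CA certificate $1? This is the check ca.crt enables.
issued_by() { openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; }

# Can the holder of private key $1 prove it owns certificate $2?
# The key signs a random challenge locally; only the signature and the
# certificate are shown to the peer, which verifies with the cert's public key.
proves_possession() {
  local tmp rc=0
  tmp=$(mktemp -d)
  openssl rand -hex 16 > "$tmp/challenge"
  openssl x509 -in "$2" -noout -pubkey > "$tmp/pub.pem"
  openssl dgst -sha256 -sign "$1" -out "$tmp/sig" "$tmp/challenge"
  openssl dgst -sha256 -verify "$tmp/pub.pem" -signature "$tmp/sig" \
    "$tmp/challenge" >/dev/null 2>&1 || rc=$?
  rm -rf "$tmp"
  return "$rc"
}

demo=$(mktemp -d)
make_pki "$demo"
issued_by "$demo/ca.crt" "$demo/server.crt" && echo "server.crt chains to ca.crt"
issued_by "$demo/ca.crt" "$demo/client.crt" && echo "client.crt chains to ca.crt"
proves_possession "$demo/server.key" "$demo/server.crt" && echo "server.key matches server.crt"
proves_possession "$demo/client.key" "$demo/server.crt" || echo "client.key cannot stand in for server.key"
rm -rf "$demo"
```

Only the `.crt` files and signatures would cross the wire in this model; the `.key` files are read by the local process and `ca.key` is needed only when issuing certificates.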