kismatic
Review usage of certificates
Hi,
I've noticed that most of the certificates, whether they are for the API Server, the kubelet, the controller, etc., always define a usage of both client and server.
Not sure whether this is intentional or not, but it may expose some security vulnerability.
Example:
Subject: CN=system:kube-controller-manager
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
Thanks.
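To check a deployment for the pattern described in this issue, an added example (not part of the issue or of the kismatic project) that parses the `X509v3 Extended Key Usage` block as `openssl x509 -text` prints it and flags every subject carrying both TLS Web Server Authentication and TLS Web Client Authentication. The sample output embedded below is constructed; the subject names in it are illustrative and not taken from any real cluster. Split client and server certificates (serverAuth only for certificates that terminate TLS, clientAuth only for certificates that authenticate a component to the API server) are the usual remediation, and the `expected_role` argument to `excess_usages` encodes that expectation.

```python
import sys
from typing import Dict, List

# OpenSSL's human-readable names for the two EKU values discussed in the issue.
SERVER_AUTH = "TLS Web Server Authentication"
CLIENT_AUTH = "TLS Web Client Authentication"

# Constructed sample of what `openssl x509 -noout -text` prints for three
# certificates (only the Subject and EKU lines matter to the parser).
SAMPLE_OUTPUT = """\
        Subject: CN=system:kube-controller-manager
            X509v3 Extended Key Usage:
                TLS Web Server Authentication, TLS Web Client Authentication
        Subject: CN=kube-apiserver
            X509v3 Extended Key Usage:
                TLS Web Server Authentication
        Subject: CN=system:node:worker-1, O=system:nodes
            X509v3 Extended Key Usage:
                TLS Web Client Authentication
"""


def parse_eku(text: str) -> Dict[str, List[str]]:
    """Map each 'Subject:' line to the EKU names that follow it.

    `openssl x509 -text` prints the usage list on the line after the
    'X509v3 Extended Key Usage:' header, comma-separated. A certificate
    without the extension maps to an empty list.
    """
    result: Dict[str, List[str]] = {}
    current = None
    lines = iter(text.splitlines())
    for line in lines:
        stripped = line.strip()
        # 'Subject Public Key Info:' does not match because of the colon check.
        if stripped.startswith("Subject:"):
            current = stripped[len("Subject:"):].strip()
            result[current] = []
        elif stripped.startswith("X509v3 Extended Key Usage") and current is not None:
            usages = next(lines, "")
            result[current] = [u.strip() for u in usages.split(",") if u.strip()]
    return result


def dual_use_subjects(ekus: Dict[str, List[str]]) -> List[str]:
    """Subjects whose certificate can act as both a TLS server and a TLS client."""
    return [s for s, u in ekus.items() if SERVER_AUTH in u and CLIENT_AUTH in u]


def excess_usages(usages: List[str], expected_role: str) -> List[str]:
    """EKU values beyond what a component in `expected_role` needs.

    expected_role is 'server' (terminates TLS) or 'client' (authenticates to
    another component). Anything else in the EKU list is reported.
    """
    needed = {"server": SERVER_AUTH, "client": CLIENT_AUTH}[expected_role]
    return [u for u in usages if u != needed]


if __name__ == "__main__":
    # Read `openssl x509 -text` output from stdin, or use the sample when piped nothing.
    text = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_OUTPUT
    found = parse_eku(text)
    for subject in dual_use_subjects(found):
        print(f"both serverAuth and clientAuth: {subject}")
```

Usage: `for c in /etc/kubernetes/pki/*.crt; do openssl x509 -in "$c" -noout -text; done | python3 check_eku.py` (the script name and path are assumptions). The parser keys on the `Subject:` line, so certificates sharing a subject would overwrite each other; key on the file name instead if that matters in your layout.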