Legacy cert signing path uses same key for kubelet and kube-proxy

**Environmental Info:**
K3s Version: v1.32.2

Node(s) CPU architecture, OS, and Version: n/a

Cluster Configuration: n/a

**Describe the bug:**
Legacy client certificate generation uses the wrong key to sign the kubelet cert. The kube-proxy key is used and sent, instead of the kubelet key.

This isn't a huge deal because
1. only legacy (down-level) clients still use this code path
2. clients already have this key so it's not sharing anything they don't already have

**Steps To Reproduce:**
Connect a pre https://github.com/k3s-io/k3s/pull/11471 client to a newer server


**Expected behavior:**
Different keys are used

**Actual behavior:**
The kubelet and kube-proxy certs use the same private key

**Additional context / logs:**
From @AaronDewes in https://github.com/k3s-io/k3s/pull/12011

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Legacy cert signing path uses same key for kubelet and kube-proxy #12012

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Legacy cert signing path uses same key for kubelet and kube-proxy #12012

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions