Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Make CSRs compatible with Kubernetes v1.22 #671

Merged
merged 1 commit into from Aug 30, 2021
Merged

Make CSRs compatible with Kubernetes v1.22 #671

merged 1 commit into from Aug 30, 2021

Conversation

siegfriedweber
Copy link
Contributor

The certificates.k8s.io/v1beta1 API version of CertificateSigningRequest is no longer served as of Kubernetes v1.22. The certificates.k8s.io/v1 API version is used instead which is available since v1.19.

The requirements of the new API version were already met:

Notable changes in certificates.k8s.io/v1:

  • For API clients requesting certificates:
    • spec.signerName is now required (see known Kubernetes signers), and requests for kubernetes.io/legacy-unknown are not allowed to be created via the certificates.k8s.io/v1 API
    • spec.usages is now required, may not contain duplicate values, and must only contain known usages

see https://kubernetes.io/docs/reference/using-api/deprecation-guide/#certificatesigningrequest-v122

This change makes kubelet incompatible with Kubernetes v1.18 and lower.

k8s-openapi is currently compiled with the feature v1_21 which is okay because the new API is available since v1_19.

@siegfriedweber
Migrate to certificates.k8s.io/v1
ca83990 
The certificates.k8s.io/v1beta1 API version of CertificateSigningRequest
is no longer served as of v1.22. The certificates.k8s.io/v1 API version
is used instead which is available since v1.19.

Signed-off-by: Siegfried Weber <mail@siegfriedweber.net>
@siegfriedweber siegfriedweber mentioned this pull request Aug 30, 2021
Closed
thomastaylor312
thomastaylor312 approved these changes Aug 30, 2021
View reviewed changes
Copy link
Member

@thomastaylor312 thomastaylor312 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for doing this! Just as a note for anyone else who stumbles onto this PR, #660 will bring us to fully operational battlestation k8s 1.22 status as we still need to update the underlying libraries as well

@thomastaylor312 thomastaylor312 changed the title Make compatible with Kubernetes v1.22 Make CSRs compatible with Kubernetes v1.22 Aug 30, 2021
@thomastaylor312 thomastaylor312 merged commit daf2315 into krustlet:main Aug 30, 2021
@0xE282B0 0xE282B0 mentioned this pull request Nov 13, 2021
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@thomastaylor312 thomastaylor312 thomastaylor312 approved these changes

@bacongobbler bacongobbler Awaiting requested review from bacongobbler bacongobbler is a code owner

@kflansburg kflansburg Awaiting requested review from kflansburg kflansburg is a code owner

@technosophos technosophos Awaiting requested review from technosophos technosophos is a code owner

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@siegfriedweber @thomastaylor312