Ubuntu 18.04 v1.14.4 AMI filesystem has kubelet cert/key #1055
Labels
kind/bug
Categorizes issue or PR as related to a bug.
lifecycle/active
Indicates that an issue or PR is actively being worked on by a contributor.
priority/important-soon
Must be staffed and worked on either currently, or very soon, ideally in time for the next release.
Milestone
/kind bug
What steps did you take and what happened:
I deployed metrics-server on an a CAPA cluster. The metrics-server get metrics from kubelets because their server cert was not valid for their respective host addresses:
After opening an ssh session to the host, I noticed that the kubelet cert was much older than the cluster itself:
My guess was that the cert is baked into the AMI. I confirmed this by manually creating an instance using the AMI:
What did you expect to happen:
No kubelet cert/key should be on the AMI filesystem.
Environment:
kubectl version
): v1.14.1/etc/os-release
): Ubuntu 18.04/cc @detiber
The text was updated successfully, but these errors were encountered: