Should be able to set --cert-dir for service account key generation (kubeadm init phase certs sa) #1354
Labels
area/security
help wanted
Denotes an issue that needs help from a contributor. Must meet "help wanted" guidelines.
kind/bug
Categorizes issue or PR as related to a bug.
Milestone
What keywords did you search in kubeadm issues before filing this one?
cert-dir
,init phase certs
Is this a BUG REPORT or FEATURE REQUEST?
BUG REPORT
Versions
kubeadm version (use
kubeadm version
): v1.13.2Environment:
kubectl version
): v1.13.2uname -a
): N/AWhat happened?
For all other
kubeadm init phase certs
subcommands, I can set--cert-dir
. Forkubeadm init phase certs sa
, I cannot.The reasoning for this (I assume) is that the
sa
command does not actually relate to certificates - just a public/private key pair. See the code here.This used to be possible when these subcommands were still under
kubeadm alpha phase certs
.What you expected to happen?
Since I can change the target location for other PKI assets, I should be able to do the same for these assets.
How to reproduce it (as minimally and precisely as possible)?
kubeadm init phase certs sa --cert-dir <anything>
should error due to--cert-dir
not being a valid flag for thesa
subcommand at this time.Anything else we need to know?
I'm also in favor of renaming
--cert-dir
to--pki-dir
if possible, as that seems more logical given the assets that are generated. We could also name the flag differently for just hesa
subcommand, I suppose.The text was updated successfully, but these errors were encountered: