Add option to generate CSRs to kubeadm alpha phase certs #794
Assignees
Labels
kind/feature
Categorizes issue or PR as related to a new feature.
lifecycle/active
Indicates that an issue or PR is actively being worked on by a contributor.
priority/important-longterm
Important over the long term, but may not be staffed and/or may need multiple releases to complete.
sig/cluster-lifecycle
Categorizes an issue or PR as relevant to SIG Cluster Lifecycle.
Milestone
Comments
|
/kind feature |
k8s-ci-robot
added
kind/feature
|
/assign @liztio |
timothysc
added
the
priority/important-soon
|
We're going to have to punt this to 1.13 due to code freeze. |
timothysc
added
priority/important-longterm
liztio
added
the
lifecycle/active
|
solved in: |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
FEATURE REQUEST
Certificate generation is currently handled completely internally of kubeadm, although there is support for externally generated certificates (if kubeadm finds certificates but not the private CA key).
Some users of external CAs could consume CSRs generated by kubeadm, which is fed with node information, and pass on those CSRs to external CAs, store the results in the appropriate place and allow kubeadm to use these as any other external CA.
The workflow would be something like:
kubeadm alpha phase certs all --csr-only --config <path to config> --csr-dir <somewhere>Versions
kubeadm version (use
kubeadm version):git commit:
13f3c7c7ca5d79edeb82a6075b3743c788a3ca4a(pre 1.11 master at time of writing this issue)Environment:
N/A
cc @liztio as per Slack conversation.
The text was updated successfully, but these errors were encountered: