Add option to generate CSRs to kubeadm alpha phase certs #794
Labels
kind/feature
Categorizes issue or PR as related to a new feature.
lifecycle/active
Indicates that an issue or PR is actively being worked on by a contributor.
priority/important-longterm
Important over the long term, but may not be staffed and/or may need multiple releases to complete.
sig/cluster-lifecycle
Categorizes an issue or PR as relevant to SIG Cluster Lifecycle.
Milestone
FEATURE REQUEST
Certificate generation is currently handled completely internally of kubeadm, although there is support for externally generated certificates (if kubeadm finds certificates but not the private CA key).
Some users of external CAs could consume CSRs generated by kubeadm, which is fed with node information, and pass on those CSRs to external CAs, store the results in the appropriate place and allow kubeadm to use these as any other external CA.
The workflow would be something like:
kubeadm alpha phase certs all --csr-only --config <path to config> --csr-dir <somewhere>
Versions
kubeadm version (use
kubeadm version
):git commit:
13f3c7c7ca5d79edeb82a6075b3743c788a3ca4a
(pre 1.11 master at time of writing this issue)Environment:
N/A
cc @liztio as per Slack conversation.
The text was updated successfully, but these errors were encountered: