Merge pull request #41912 from jcbsmpsn/rotate-client-certificate
Automatic merge from submit-queue (batch tested with PRs 46726, 41912, 46695, 46034, 46551)

Rotate kubelet client certificate.

Changes the kubelet so it bootstraps off the cert/key specified in the config file and uses those to request new cert/key pairs from the Certificate Signing Request API, as well as rotating client certificates when they approach expiration.

Default behavior is for client certificate rotation to be disabled. If enabled using a command line flag, the kubelet exits each time the certificate is rotated.

I tried to use `GetCertificate` in [tls.Config](https://golang.org/pkg/crypto/tls/#Config) but it is only called on the server side of connections. Then I tried `GetClientCertificate`, but it is new in 1.8.

**Release note**

```release-note
With --feature-gates=RotateKubeletClientCertificate=true set, the kubelet will request a client certificate from the API server during the boot cycle and pause waiting for the request to be satisfied. It will continually refresh the certificate as the certificate's expiration approaches.
```
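The commit message names `GetClientCertificate`; as an added example (not code from this commit or from Kubernetes), this sketch shows how that Go 1.8+ callback lets new connections present a rotated client certificate while the process keeps running. `certStore`, `due`, `RotateIfDue` and `stubCert` are hypothetical names, the 80% threshold is an assumption, and the certificates are constructed placeholders without key material.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"sync/atomic"
	"time"
)

// certStore holds the live client certificate behind an atomic pointer.
type certStore struct{ cur atomic.Pointer[tls.Certificate] }

// Get has the signature of tls.Config.GetClientCertificate; it runs on every handshake.
func (s *certStore) Get(*tls.CertificateRequestInfo) (*tls.Certificate, error) {
	if c := s.cur.Load(); c != nil {
		return c, nil
	}
	return nil, fmt.Errorf("no client certificate loaded")
}

// due reports whether 80% of the validity period has elapsed (assumed threshold).
func due(leaf *x509.Certificate, now time.Time) bool {
	life := leaf.NotAfter.Sub(leaf.NotBefore)
	return !now.Before(leaf.NotBefore.Add(life / 10 * 8))
}

// RotateIfDue stores request() when nothing is loaded or the current certificate is due.
func (s *certStore) RotateIfDue(now time.Time, request func() *tls.Certificate) bool {
	if c := s.cur.Load(); c != nil && !due(c.Leaf, now) {
		return false
	}
	s.cur.Store(request())
	return true
}

// stubCert is a constructed placeholder with only a validity window; a real
// certificate and key would come from the Certificate Signing Request API.
func stubCert(from time.Time, life time.Duration) *tls.Certificate {
	return &tls.Certificate{Leaf: &x509.Certificate{NotBefore: from, NotAfter: from.Add(life)}}
}

func main() {
	s, now := &certStore{}, time.Now()
	cfg := &tls.Config{GetClientCertificate: s.Get} // config for the API client
	rotated := s.RotateIfDue(now, func() *tls.Certificate { return stubCert(now, time.Hour) })
	c, err := cfg.GetClientCertificate(nil)
	fmt.Println(rotated, c.Leaf.NotAfter, err)
}
```

Connections that are already established keep the certificate they negotiated; only handshakes that start after the swap see the new one.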
Showing 5 changed files with 130 additions and 8 deletions.