New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
kubeadm: remove usage of the "certificates" API for cert renewal #90143
kubeadm: remove usage of the "certificates" API for cert renewal #90143
Conversation
The flag "--use-api" for "alpha certs renew" was deprecated in 1.18. Remove the flag and related logic that executes certificate renewal using "api/certificates/v1beta1". kubeadm continues to be able to create CSR files and renew using the local CA on disk.
/kind deprecation |
/priority important-longterm |
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: neolit123 The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
/retest |
@kubernetes/sig-cluster-lifecycle-pr-reviews |
/retest |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks @neolit123 !
/lgtm
I would leave the hold for @fabriziopandini to TAL at it too.
/assign @fabriziopandini |
this PR and the usage in kubeadm partially blocks the pending changes in the certificates API: thanks |
/retest |
could you please update 1.19 documents? it is still using this removed flag. Create certificate signing requests (CSR) If you set up an external signer such as cert-manager, certificate signing requests (CSRs) are automatically approved. Otherwise, you must manually approve certificates with the kubectl certificate command. The following kubeadm command outputs the name of the certificate to approve, then blocks and waits for approval to occur: sudo kubeadm alpha certs renew apiserver --use-api & |
thanks for catching that. |
@neolit123 PR was created. FYI. kubernetes/website#26841 |
What this PR does / why we need it:
WIP: waiting on kubernetes/enhancements#1513 to go GA.
The flag "--use-api" for "alpha certs renew" was deprecated in 1.18.
Remove the flag and related logic that executes certificate renewal
using "api/certificates/v1beta1". kubeadm continues to be able
to create CSR files and renew using the local CA on disk.
Which issue(s) this PR fixes:
Fixes kubernetes/kubeadm#2047
Special notes for your reviewer:
NONE
Does this PR introduce a user-facing change?:
Additional documentation e.g., KEPs (Kubernetes Enhancement Proposals), usage docs, etc.: