Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

refactor: manually generate self-signed kubelet serving cert when opting out of certificate rotation #5511

Open
wants to merge 8 commits into
base: dev
Choose a base branch
from
Open

refactor: manually generate self-signed kubelet serving cert when opting out of certificate rotation #5511

wants to merge 8 commits into from
+4,947 −2,605

Conversation

cameronmeissner
Copy link
Collaborator

@cameronmeissner cameronmeissner commented Jan 6, 2025
edited
Loading

What type of PR is this?

What this PR does / why we need it:

in cases where customers want to manually opt-out of kubelet serving cert rotation via nodepool tag, this PR ensures that the self-signed certificate their kubelets end up getting look exactly the same as the self-signed certs they'd get if they hadn't been onboarded to kubelet serving certificate rotation in the first place - this is accomplished by calling the generateSelfSignedKubeletServingCertificate function explicitly and passing in --tls-cert-file/--tls-private-key-file to the kubelet, rather than letting kubelet generate its own self-signed cert at startup time.

Which issue(s) this PR fixes:

Fixes #

Requirements:

Special notes for your reviewer:

Release note:

none

@cameronmeissner cameronmeissner marked this pull request as ready for review January 7, 2025 18:27
@cameronmeissner
Copy link
Collaborator Author

relevant abe2e scenarios are passing, failures are unrelated

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@lilypan26 lilypan26 lilypan26 approved these changes

@juan-lee juan-lee Awaiting requested review from juan-lee juan-lee is a code owner

@UtheMan UtheMan Awaiting requested review from UtheMan UtheMan is a code owner

@ganeshkumarashok ganeshkumarashok Awaiting requested review from ganeshkumarashok ganeshkumarashok is a code owner

@anujmaheshwari1 anujmaheshwari1 Awaiting requested review from anujmaheshwari1 anujmaheshwari1 is a code owner

@AlisonB319 AlisonB319 Awaiting requested review from AlisonB319 AlisonB319 is a code owner

@Devinwong Devinwong Awaiting requested review from Devinwong Devinwong is a code owner

@AbelHu AbelHu Awaiting requested review from AbelHu AbelHu is a code owner

@junjiezhang1997 junjiezhang1997 Awaiting requested review from junjiezhang1997 junjiezhang1997 is a code owner

@jason1028kr jason1028kr Awaiting requested review from jason1028kr jason1028kr is a code owner

@djsly djsly Awaiting requested review from djsly djsly is a code owner

@phealy phealy Awaiting requested review from phealy phealy is a code owner

@r2k1 r2k1 Awaiting requested review from r2k1 r2k1 is a code owner

@timmy-wright timmy-wright Awaiting requested review from timmy-wright timmy-wright is a code owner

@zachary-bailey zachary-bailey Awaiting requested review from zachary-bailey zachary-bailey is a code owner

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@cameronmeissner @lilypan26