1. 07 Jul, 2021 1 commit
  2. 30 Jun, 2021 1 commit
  3. 29 Jun, 2021 1 commit
  4. 25 Jun, 2021 1 commit
  5. 24 Jun, 2021 1 commit
  6. 21 Jun, 2021 1 commit
  7. 18 Jun, 2021 1 commit
  8. 16 Jun, 2021 1 commit
  9. 15 Jun, 2021 3 commits
  10. 08 Jun, 2021 2 commits
  11. 07 Jun, 2021 2 commits
  12. 04 Jun, 2021 3 commits
  13. 20 May, 2021 3 commits
  14. 19 May, 2021 4 commits
  15. 14 May, 2021 3 commits
  16. 13 May, 2021 2 commits
  17. 12 May, 2021 4 commits
  18. 11 May, 2021 1 commit
  19. 10 May, 2021 3 commits
  20. 07 May, 2021 1 commit
  21. 05 May, 2021 1 commit
    • Siegfried Weber's avatar
      Sign CSRs for kubelet-serving with the server CA · e77fd182
      Siegfried Weber authored
      Problem:
      Only the client CA is passed to the kube-controller-manager and
      therefore CSRs with the signer name "kubernetes.io/kubelet-serving" are
      signed with the client CA. Serving certificates must be signed with the
      server CA otherwise e.g. "kubectl logs" fails with the error message
      "x509: certificate signed by unknown authority".
      
      Solution:
      Instead of providing only one CA via the kube-controller-manager
      parameter "--cluster-signing-cert-file", the corresponding CA for every
      signer is set with the parameters
      "--cluster-signing-kube-apiserver-client-cert-file",
      "--cluster-signing-kubelet-client-cert-file",
      "--cluster-signing-kubelet-serving-cert-file", and
      "--cluster-signing-legacy-unknown-cert-file".
      Signed-off-by: 's avatarSiegfried Weber <mail@siegfriedweber.net>
      e77fd182