-
Sub-task
-
Resolution: Done
-
Undefined
-
None
-
None
-
None
-
None
-
False
-
None
-
False
-
ACM-2643 - Next Generation Control Plane
-
-
Description of problem:
Currently we use shell scripts to generate the certs which is not a final solution. We should generate the certs before start the api server. And we need to handle the cert rotation. We cannot just remove the certs dir and regenerate all the certificates, because there are some long-lived certs and CAs that shouldn't be swapped. e.g.:
1. kube-apiserver serving certificate CAs - if you're connecting from the outside, the CA swap would likely be confusing
2. system:admin client certificate - we don't want to rotate the certificate that allows you to authenticate to the API
Goals:
This task is focusing on generate the certs by using go code and handle the cert rotation as well.
/assign Yuchen Yao
- relates to
-
ACM-2768 Build AMI with controlplane
- Closed