New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
modify the signing/approving controller to tolerate either set of usages for kubelet client and serving certificates #111061
modify the signing/approving controller to tolerate either set of usages for kubelet client and serving certificates #111061
Conversation
@pacoxu: This issue is currently awaiting triage. If a SIG or subproject determines this is a relevant issue, they will accept it by applying the The Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
e56f450
to
a80b502
Compare
6f2ae41
to
fb06fd2
Compare
fb06fd2
to
bed76fa
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
one test nit, then lgtm
…ges for kubelet client and serving certificates Signed-off-by: Paco Xu <paco.xu@daocloud.io>
bab84a7
to
e6176c2
Compare
/lgtm |
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: liggitt, pacoxu The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
once this merges, if you don't mind, can you open the PR we'll merge in 1.26 relaxing the API defaulting? |
of course. Thanks for your detailed review and guide. |
/retest |
I opened #111660 for v1.26. |
Could we update the changelog entry to mention that this change is in connection with CertificateSigningRequest? |
I tried to change it like above to mention the sign request approval. |
This commit modifies the existing CSr approver to tolerate a set of usages for kubelet client and serving certificates without key encipherment to accomodate recent upstream changes around key encipherment. Releated upstream PR's: kubernetes/kubernetes#111061 kubernetes/kubernetes#111660
This commit modifies the existing CSr approver to tolerate a set of usages for kubelet client and serving certificates without key encipherment to accomodate recent upstream changes around key encipherment. Releated upstream PR's: kubernetes/kubernetes#111061 kubernetes/kubernetes#111660
This commit modifies the existing CSr approver to tolerate a set of usages for kubelet client and serving certificates without key encipherment to accomodate recent upstream changes around key encipherment. Releated upstream PR's: kubernetes/kubernetes#111061 kubernetes/kubernetes#111660
This commit modifies the existing CSr approver to tolerate a set of usages for kubelet client and serving certificates without key encipherment to accomodate recent upstream changes around key encipherment. Releated upstream PR's: kubernetes/kubernetes#111061 kubernetes/kubernetes#111660
This commit modifies the existing CSr approver to tolerate a set of usages for kubelet client and serving certificates without key encipherment to accomodate recent upstream changes around key encipherment. Releated upstream PR's: kubernetes/kubernetes#111061 kubernetes/kubernetes#111660
This commit modifies the existing CSr approver to tolerate a set of usages for kubelet client and serving certificates without key encipherment to accomodate recent upstream changes around key encipherment. Releated upstream PR's: kubernetes/kubernetes#111061 kubernetes/kubernetes#111660
This commit modifies the existing CSr approver to tolerate a set of usages for kubelet client and serving certificates without key encipherment to accomodate recent upstream changes around key encipherment. Releated upstream PR's: kubernetes/kubernetes#111061 kubernetes/kubernetes#111660
This commit modifies the existing CSr approver to tolerate a set of usages for kubelet client and serving certificates without key encipherment to accomodate recent upstream changes around key encipherment. Releated upstream PR's: kubernetes/kubernetes#111061 kubernetes/kubernetes#111660
This commit modifies the existing CSR approval process to accept a set of CSR usages with and without key encipherment. This is required after the recent upstream changes where kubelet may request a CSR without the key encipherment usage when given a non-RSA key. Releated upstream PR's: kubernetes/kubernetes#111061 kubernetes/kubernetes#111660
This commit modifies the existing CSR approval process to accept a set of CSR usages with and without key encipherment. This is required after the recent upstream changes where kubelet may request a CSR without the key encipherment usage when given a non-RSA key. Releated upstream PR's: kubernetes/kubernetes#111061 kubernetes/kubernetes#111660
What type of PR is this?
/kind bug
What this PR does / why we need it:
Which issue(s) this PR fixes:
xref #109077
Special notes for your reviewer:
kubernetes/pkg/controller/certificates/signer/signer.go
Lines 277 to 293 in 14e8db0
The controller already tolerates it.
Does this PR introduce a user-facing change?