admiraltyio / admiralty

A system of Kubernetes controllers that intelligently schedules workloads across clusters.
https://admiralty.io
Apache License 2.0
673 stars 87 forks

Enable custom CSR signer name #211

Closed rdvencioneck closed 4 days ago

rdvencioneck commented 2 months ago

Some control planes, such as AWS EKS, won't accept kubernetes.io/kubelet-serving as the CSR SignerName. As documented here, EKS users can use beta.eks.amazonaws.com/app-serving as the SignerName instead, to get the certificate properly signed by the control plane.

This PR will enable any custom SignerName, so that it can work for EKS or other managed control planes that may require a custom SignerName. Solves https://github.com/admiraltyio/admiralty/issues/120

adrienjt commented 1 month ago

Thank you @rdvencioneck and sorry for the late reply. Could you please add the field to the chart's readme?

And ideally a note or page in the operator guide. I'm sure a lot of people will find this useful.

Out of scope for this PR: a subsequent PR would be welcome to run the end-to-end tests on EKS, to prove that this works and continues to work. Basically, this old PR could be revived: https://github.com/admiraltyio/admiralty/pull/122/files

rdvencioneck commented 3 weeks ago

Hi @adrienjt, sorry, I missed your review. I've included the requested info and will take a look at the referenced PR after this one is merged.

Thanks!

rdvencioneck commented 1 week ago

@adrienjt could you please trigger the tests again? They passed previously, but auto-merge didn't work for some reason.