Open chrisseto opened 2 years ago
Cockroach docs seem to strongly imply that the project is (correctly) dropping support for this approach, in favor of using something like cert-manager. Updating to 1.22 should also include directions about e.g. how to use cert-manager as the signer for the v1 CSR resource.
Aside: I'm in the process of converting our request-cert process to using vault-agent instead.
@nyarly could you cite the docs that suggest using cert-manager? Our technical writer says there's no reference to cert-manager in in our documentation.
We are dropping support for this approach and will be removing this container once we've settled on an acceptable alternative.
Reviewing, I was taking that from the helm chart, which dropped support for request-cert in favor of cert-manager or a self signed thing that liked kind of hacky
As of Kubernetes 1.22,
certificates.k8s.io/v1beta1
is no longer being served.The request-cert container/binary uses the
v1beta1
API and will fail to create a CSR in newer Kubernetes clusters:To mitigate this issue, we'll have to upgrade to
certificates.k8s.io/v1
and drop support for Kubernetes < 1.19.