drewwells
commented
3 years ago Does the provision.sh script still need to check for secrets against k8s api? The secrets are created by cert-manager and can be mounted. The script then would open up the TLS certificates and do necessary kubeadm commands to create k8s api certificates.
The other possibility I see for improvement here would be to retry with backoff and eventually abort (
exit 1) upon error. This way it would be eventually consistent during a kube-apiserver outage._Originally posted by @kd7lxl in https://github.com/infobloxopen/konk/pull/120#discussion_r525402993_