Closed chuckha closed 5 years ago
/assign
/lifecycle active
@chuckha @rbanksto A question to better understand the expectations for this use case. In the case of external etcd, kubeadm expects the user to provide a certificate for the API server to access the API server. Are we assuming:
1) the user should pass this certificate using another secret, and CABPK then moves it to the cloud init script
2) CABPK should take care of generating this certificate (if not provided by the user) and then move it to the cloud init script
or both?
@fabriziopandini
1) I would expect CABPK to move the secret to the cloud init script and bootstrap the node with that certificate.
2) If an external CA is in use but only the CA secret is set, use the provided CA to generate the rest of the certificates.
/kind bug
Original author: @rbankston
What steps did you take and what happened: https://github.com/kubernetes-sigs/cluster-api-provider-vsphere/issues/557
Provisioned an external etcd cluster for use with a CAPV cluster and loaded the certificate authority key and certificate used for etcd in the namespace with the -ca secret with the same label. The controller fails to move on with the provisioning using the secret and instead outputs:
What did you expect to happen: Expected the secret to be used to provision the cluster
Environment:
Cluster-api-provider-vsphere version: 0.5.0
Kubernetes version: (use kubectl version): 1.15.1
OS (e.g. from /etc/os-release): Ubuntu 18.04
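
The second expectation in the reply above, where only the CA secret is set and the remaining certificates are generated from it, shown as an added Go example that is not CABPK or kubeadm code. The function names, the throwaway sample CA, ECDSA P-256 keys, fixed serial numbers and 24-hour lifetime are assumptions; the subject mirrors kubeadm's apiserver-etcd-client certificate.

```go
package main
import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue (illustrative helper, not CABPK code) creates a P-256 key and a certificate for it, signed by parent.
func issue(tmpl, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	if parent == nil && tmpl.IsCA {
		parent, parentKey = tmpl, key // self-signed root, used only for the constructed sample CA
	} else if parent == nil || parentKey == nil || !parent.IsCA || parent.KeyUsage&x509.KeyUsageCertSign == 0 {
		return nil, nil, fmt.Errorf("provided certificate/key is not a usable signing CA")
	}
	tmpl.NotBefore, tmpl.NotAfter = time.Now().Add(-time.Minute), time.Now().Add(24*time.Hour)
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// sampleCA stands in for the user-provided etcd CA secret (constructed, throwaway key pair).
func sampleCA() (*x509.Certificate, *ecdsa.PrivateKey, error) {
	return issue(&x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "etcd-ca"},
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign}, nil, nil)
}

// etcdClientCert issues the API server's etcd client cert from the provided CA (fixed serial is a simplification).
func etcdClientCert(ca *x509.Certificate, caKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	return issue(&x509.Certificate{SerialNumber: big.NewInt(2), KeyUsage: x509.KeyUsageDigitalSignature,
		Subject:     pkix.Name{CommonName: "kube-apiserver-etcd-client", Organization: []string{"system:masters"}},
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}, ca, caKey)
}

func main() {
	ca, caKey, _ := sampleCA()
	leaf, _, err := etcdClientCert(ca, caKey)
	fmt.Println(leaf != nil && leaf.CheckSignatureFrom(ca) == nil, err)
}
```

A secret that holds a leaf certificate instead of a CA, or a CA certificate without its key, is rejected before anything is signed.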