Add an option to configure the kubelet certificates directory path - Githubissues

kubernetes-sigs / kubespray

Deploy a Production Ready Kubernetes Cluster

Apache License 2.0

16.13k stars 6.47k forks source link

Add an option to configure the kubelet certificates directory path #11403

Open liofko opened 3 months ago

liofko commented 3 months ago

What would you like to be added

As for now, we can configure the kubernets and etcd certificates path: kube_cert_dir: "{{ kube_config_dir }}/ssl" etcd_cert_dir: "{{ etcd_config_dir }}/ssl"

I would like the option to change the kubelet cert-dir as well (instead of always use /var/lib/kubelet/pki/) For example, This should be added in both kubelet config/env file and kubelet-fix-client-cert-rotation tasks (and probably some other places I missed)

Why is this needed

For security reasons, in case we want to place all the sensitive certificates on a secure (encrypted) location - e.g. ramfs or luks storage.

k8s-triage-robot commented 5 days ago

The Kubernetes project currently lacks enough contributors to adequately respond to all issues.

This bot triages un-triaged issues according to the following rules:

After 90d of inactivity, lifecycle/stale is applied
After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

Mark this issue as fresh with /remove-lifecycle stale
Close this issue with /close
Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale