openssl req -nodes is deperecated

kubernetes / website

Kubernetes website and documentation repo:

https://kubernetes.io

Creative Commons Attribution 4.0 International

4.46k stars 14.36k forks source link

openssl req -nodes is deperecated #37901

Open hamza-m-masood opened 1 year ago

hamza-m-masood commented 1 year ago

Within this page: content/en/docs/tasks/administer-cluster/certificates.md

The nodes command is deprecated: openssl req -x509 -new -nodes -key ca.key -subj "/CN=${MASTER_IP}" -days 10000 -out ca.crt

Just wanted to let you guys know : )

Kartik494 commented 1 year ago

@HamzaMasood1 i am not so sure on this . @sftim if this is right could we mark this command as deprecated?

k8s-triage-robot commented 1 year ago

The Kubernetes project currently lacks enough contributors to adequately respond to all issues.

This bot triages un-triaged issues according to the following rules:

After 90d of inactivity, lifecycle/stale is applied
After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

Mark this issue as fresh with /remove-lifecycle stale
Close this issue with /close
Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

sftim commented 1 year ago

We should explain how to set up certificates. That explanation doesn't need to use the openssl command.

/remove-triage support /kind bug /triage accepted /sig security /language en

k8s-ci-robot commented 1 year ago

@sftim: Those labels are not set on the issue: triage/support

In response to [this](https://github.com/kubernetes/website/issues/37901#issuecomment-1428445820): >We should explain how to set up certificates. That explanation doesn't need to use the `openssl` command. > >/remove-triage support >/kind bug >/triage accepted >/sig security >/language en Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes/test-infra](https://github.com/kubernetes/test-infra/issues/new?title=Prow%20issue:) repository.

sftim commented 1 year ago

/remove-lifecycle stale

sftim commented 1 year ago

/remove-kind support

adityasamant25 commented 9 months ago

@HamzaMasood1 On executing this command, there is no deprecation warning. openssl req -x509 -new -nodes -key ca.key -subj "/CN=${MASTER_IP}" -days 10000 -out ca.crt.

Can you please share the reference to the deprecation?

mrgiles commented 6 months ago

I can also confirm that the openssl req command listed in the Generate Certificates Manually task works as intended and generates the certificate without any errors.

However, the man page for the openssl req command does mention that the -nodes option has been deprecated and that the -noenc option should be used instead.

-nodes
    This option is deprecated since OpenSSL 3.0; use -noenc instead.

@sftim I can update the page in question to reflect this change if that helps for clarity.

mrgiles commented 5 months ago

/assign

mrgiles commented 5 months ago

FYI @dipesh-rawat

sftim commented 5 months ago

@sftim I can update the page in question to reflect this change if that helps for clarity.

Noted.

mrgiles commented 5 months ago

@sftim, should I go ahead and update the doc? Or should we close this issue? Thanks