Adding mandatory SAN to webhook server CSR

nokia / CPU-Pooler

A Device Plugin for Kubernetes, which exposes the CPU cores as consumable Devices to the Kubernetes scheduler.

BSD 3-Clause "New" or "Revised" License

93 stars 22 forks source link

Adding mandatory SAN to webhook server CSR #59

Closed Levovar closed 3 years ago

Levovar commented 3 years ago

Fixes https://github.com/nokia/CPU-Pooler/issues/57

Also updating the CSR request to use the V1 CSR API, as v1beta1 is now officially deprecated. Mandatory signing authority added, and set to kubelet. To make kubelet sign server certificates O needed to be set to system:nodes, and CN must start with system:node: