proofpoint / certificate-init-container

Bootstrap TLS certificates for Pods using the Kubernetes certificates API.
Apache License 2.0
7 stars 10 forks

certificates.k8s.io/v1beta1 CertificateSigningRequest is deprecated in v1.19+, unavailable in v1.22+; use certificates.k8s.io/v1 CertificateSigningRequest #38

Open ruiyang2015 opened 3 years ago

ruiyang2015 commented 3 years ago

Getting this error since we upgraded our GKE to use k8s 1.21. It would be great if you could bump the v1beta1 to the new k8s API entrypoint.

johngmyers commented 3 years ago

We aren't running a Kubernetes version that has v1 yet, so this may take a while.

thejosephstevens commented 2 years ago

@johngmyers any chance you're on a newer k8s version yet?

johngmyers commented 2 years ago

We are. We plan on doing this work in Q2.

johngmyers commented 2 years ago

It looks like the v1 CertificateSigningRequest API has removed the ability to support this use case. So this project is prevented from supporting Kubernetes 1.22 or later.

A possible replacement appears to be to use cert-manager with a CA Issuer type, an admission controller restricting the Certificate domain, the cert-manager csi-driver, and some other mechanism to distribute trust in the issuer's CA.
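
A sketch of the cert-manager pieces named in the last comment, as an added example that is not from this thread or from the project: a CA-type Issuer and a Pod that obtains its certificate through the cert-manager csi-driver. The namespace, resource names, Secret name, image and DNS name pattern are assumptions; the admission controller that restricts requested domains and the mechanism for distributing the CA certificate are not shown.

```yaml
# Added example (not the project's configuration). All names are hypothetical.
# CA-type Issuer: signs certificates with the CA key pair stored in a Secret
# (keys tls.crt and tls.key) in the same namespace.
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
  name: example-ca-issuer
  namespace: example-app
spec:
  ca:
    secretName: example-ca-key-pair
---
# Pod that takes the place of the init-container flow: the csi-driver
# generates the private key on the node, requests a certificate from the
# Issuer, and mounts the result into the Pod. The key is never stored in a
# Kubernetes Secret.
apiVersion: v1
kind: Pod
metadata:
  name: example-app
  namespace: example-app
spec:
  containers:
    - name: app
      image: registry.example/app:placeholder   # placeholder image
      volumeMounts:
        - name: tls
          mountPath: /tls
          readOnly: true
  volumes:
    - name: tls
      csi:
        driver: csi.cert-manager.io
        readOnly: true   # the driver requires a read-only volume
        volumeAttributes:
          csi.cert-manager.io/issuer-name: example-ca-issuer
          csi.cert-manager.io/issuer-kind: Issuer
          # The requested name is chosen by the Pod spec author, which is why
          # the comment above pairs this setup with an admission controller
          # that restricts the Certificate domain.
          csi.cert-manager.io/dns-names: ${POD_NAME}.${POD_NAMESPACE}.svc.cluster.local
```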