Closed sergelogvinov closed 6 days ago
This issue is stale because it has been open 180 days with no activity. Remove stale label or comment or this will be closed in 7 days.
This issue was closed because it has been stalled for 7 days with no activity.
We can create all configs for Kubelet on pre-run stage and store them in /system/secrets/kubelet (as control plane)
Store the Kubelet certs (client/server) in /system/state/kubelet folder In this case we need encrypt only STATE partition and keep open EPHEMERAL storage
Create kubelet certs (client/server) on Controlplane We have CA certs and we can do it. It helps to speed up bootstrap nodes even kubelet has flag rotate-server-certificates Talos call kubelet api to check pod run status. In case rotate-server-certificates - talos cannot do it.