v0.8.0

Pre-release
@kvaps kvaps released this 09 Nov 21:48
· 46 commits to master since this release
  • Breaking change: The sa secret type has changed, and the secret is now fully generated by cert-manager

    To update existing clusters, please run the following before the update:

    RELEASE_NAME=foo
    RELEASE_NAMESPACE=foo
    kubectl -n ${RELEASE_NAMESPACE} get secret ${RELEASE_NAME}-kubernetes-pki-sa -o yaml >/tmp/sa.yaml
    sed -i -e 's/sa.pub/tls.crt/' -e 's/sa.key/tls.key/' -e 's|^type: Opaque|type: kubernetes.io/tls|' /tmp/sa.yaml
    kubectl delete -f /tmp/sa.yaml
    kubectl apply -f /tmp/sa.yaml

    Most likely you will have to recreate the keys for all service accounts and restart the associated workloads anyway:

    kubectl get secret --all-namespaces | grep 'kubernetes.io/service-account-token' | awk '{ print "kubectl delete secret -n " $1 " " $2}' | sh -x
    
  • All client certificates used in kubeconfigs are now generated by cert-manager

  • The ServiceAccount and roles used to create secrets and configmaps in the admin cluster are now fully removed

  • Add server certificates for controller-manager and scheduler (for the healthcheck and metrics collection)

  • The apiserver certificate is renamed to apiserver-server
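
The `sed` rewrite from the breaking-change item can be dry-run on a scratch copy of the manifest and checked before the live secret is deleted. This is an added example, not part of the release notes or the project's code; the function names and the sample manifest (dummy values) are constructed for illustration.

```shell
#!/bin/sh
# Added example: dry-run of the sa secret rewrite on a constructed manifest.

# Write a constructed pre-0.8.0 style secret (dummy base64 values, not real keys).
make_sample_manifest() {
  cat >"$1" <<'EOF'
apiVersion: v1
data:
  sa.key: Y29uc3RydWN0ZWQ=
  sa.pub: Y29uc3RydWN0ZWQ=
kind: Secret
metadata:
  name: foo-kubernetes-pki-sa
  namespace: foo
type: Opaque
EOF
}

# Same sed expressions as in the release notes, applied to the file in $1.
rewrite_sa_manifest() {
  sed -i -e 's/sa.pub/tls.crt/' -e 's/sa.key/tls.key/' \
    -e 's|^type: Opaque|type: kubernetes.io/tls|' "$1"
}

# Return 0 only if $1 has the new layout; report each problem on stderr.
check_sa_manifest() {
  rc=0
  grep -q '^type: kubernetes\.io/tls$' "$1" || { echo "type is not kubernetes.io/tls" >&2; rc=1; }
  grep -Eq '^  tls\.crt: .+' "$1" || { echo "data key tls.crt missing or empty" >&2; rc=1; }
  grep -Eq '^  tls\.key: .+' "$1" || { echo "data key tls.key missing or empty" >&2; rc=1; }
  if grep -Eq '^  sa\.(pub|key):' "$1"; then echo "old sa.* key still present" >&2; rc=1; fi
  return "$rc"
}

# Demo: the manifest holds private-key material, so keep the scratch copy owner-only.
umask 077
workdir=$(mktemp -d)
make_sample_manifest "$workdir/sa.yaml"
check_sa_manifest "$workdir/sa.yaml" 2>/dev/null || echo "before rewrite: old layout"
rewrite_sa_manifest "$workdir/sa.yaml"
check_sa_manifest "$workdir/sa.yaml" && echo "after rewrite: ready for kubectl apply"
rm -rf "$workdir"
```

To check a real export, run `check_sa_manifest` on the rewritten file between the `sed` and `kubectl delete` steps.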