Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

kubeadm: add section on how to use the "generate-csr" command #43871

Merged
merged 1 commit into from
Dec 11, 2023
Merged

kubeadm: add section on how to use the "generate-csr" command #43871

merged 1 commit into from
Dec 11, 2023

Conversation

neolit123
Copy link
Member

@neolit123 neolit123 commented Nov 10, 2023
edited
Loading

The "generate-csr" command is useful in cases users don't wish to use the default certificate duration that kubeadm has hardcoded to 1 year. The command can also be used when the certificate rotation process is done manually, out of bounds with an external CA.

NOTE: this PR is correctly targeting the "main" branch; documents an existing feature.

fixes kubernetes/kubeadm#2959

@k8s-ci-robot k8s-ci-robot added do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. size/L Denotes a PR that changes 100-499 lines, ignoring generated files. language/en Issues or PRs related to English language sig/docs Categorizes an issue or PR as relevant to SIG Docs. labels Nov 10, 2023
@neolit123
Copy link
Member Author

/sig cluster-lifecycle
/kind feature

@k8s-ci-robot k8s-ci-robot added sig/cluster-lifecycle Categorizes an issue or PR as relevant to SIG Cluster Lifecycle. kind/feature Categorizes issue or PR as related to a new feature. labels Nov 10, 2023
@netlify Netlify
Copy link

netlify bot commented Nov 10, 2023
edited
Loading

Pull request preview available for checking

Built without sensitive environment variables

Name Link
🔨 Latest commit d174742
🔍 Latest deploy log https://app.netlify.com/sites/kubernetes-io-main-staging/deploys/655da08b0b815d00089a90eb
😎 Deploy Preview https://deploy-preview-43871--kubernetes-io-main-staging.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify site configuration.

@neolit123 neolit123 force-pushed the 1.29-add-task-for-kubeadm-generate-csr branch from 76de246 to d60ace2 Compare November 11, 2023 14:53
@neolit123
Copy link
Member Author

/cc @SataQiu
/assign @sftim

there have been a number of questions by kubeadm users on how to sign CSRs or create certificates with a custom expiration.
this new guide is about that.

@k8s-ci-robot k8s-ci-robot requested a review from SataQiu November 11, 2023 14:56
@neolit123 neolit123 changed the title WIP: kubeadm: add section on how to use the "generate-csr" command kubeadm: add section on how to use the "generate-csr" command Nov 11, 2023
@k8s-ci-robot k8s-ci-robot removed the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Nov 11, 2023
sftim
sftim reviewed Nov 21, 2023
View reviewed changes
Copy link
Contributor

@sftim sftim left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This looks ready for tech review. From a docs perspective I'm happy with it.

I did spot three nits.

content/en/docs/tasks/administer-cluster/kubeadm/kubeadm-certs.md Outdated Show resolved Hide resolved
content/en/docs/tasks/administer-cluster/kubeadm/kubeadm-certs.md Outdated Show resolved Hide resolved
content/en/docs/tasks/administer-cluster/kubeadm/kubeadm-certs.md Outdated Show resolved Hide resolved
@neolit123 neolit123 force-pushed the 1.29-add-task-for-kubeadm-generate-csr branch from d60ace2 to b5002b1 Compare November 21, 2023 18:03
@neolit123
Copy link
Member Author

neolit123 commented Nov 21, 2023
edited
Loading

@sftim updated.

@SataQiu PTAL when possible for tech review / LGTM.

@neolit123
kubeadm: add section on how to use the "generate-csr" command
d174742 
The "generate-csr" command is useful in cases users don't
wish to use the default certificate duration that kubeadm has
hardcoded to 1 year. The command can also be used when the
certificate rotation process is done manually, out of bounds
with an external CA.
@neolit123 neolit123 force-pushed the 1.29-add-task-for-kubeadm-generate-csr branch from b5002b1 to d174742 Compare November 22, 2023 06:32
chendave
chendave reviewed Dec 11, 2023
View reviewed changes
Copy link
Member

@chendave chendave left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Dec 11, 2023
@k8s-ci-robot
Copy link
Contributor

LGTM label has been added.

Git tree hash: 3f5f8d48808c680e2c315d19d87c598d3f966ab5

@neolit123
Copy link
Member Author

@chendave
thanks

This looks ready for tech review. From a docs perspective I'm happy with it.

@sftim any further comments on this one?

@sftim
Copy link
Contributor

sftim commented Dec 11, 2023

/approve

This might merge only after the repo is unfrozen (there is an upcoming release).

@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: sftim

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Dec 11, 2023
@k8s-ci-robot k8s-ci-robot merged commit 0c5cb41 into kubernetes:main Dec 11, 2023
6 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sftim sftim sftim left review comments

@chendave chendave chendave left review comments

@dipesh-rawat dipesh-rawat Awaiting requested review from dipesh-rawat

@onlydole onlydole Awaiting requested review from onlydole

@SataQiu SataQiu Awaiting requested review from SataQiu

Assignees

@chendave chendave

@sftim sftim

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. kind/feature Categorizes issue or PR as related to a new feature. language/en Issues or PRs related to English language lgtm "Looks good to me", indicates that a PR is ready to be merged. sig/cluster-lifecycle Categorizes an issue or PR as relevant to SIG Cluster Lifecycle. sig/docs Categorizes an issue or PR as relevant to SIG Docs. size/L Denotes a PR that changes 100-499 lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Generate certs with a custom validity by signing CSRs
4 participants
@neolit123 @k8s-ci-robot @sftim @chendave