Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Discussion] How about deprecating kubelet certificate management mode (Yurthub shares certificates with Kubelet) in future releases? #573

Closed
qclc opened this issue Nov 11, 2021 · 3 comments · Fixed by #639
Closed

[Discussion] How about deprecating kubelet certificate management mode (Yurthub shares certificates with Kubelet) in future releases? #573

qclc opened this issue Nov 11, 2021 · 3 comments · Fixed by #639
Labels
kind/question kind/question

Comments

@qclc
Copy link
Member

qclc commented Nov 11, 2021

What would you like to be discussed:

  1. In future versions, yurthub and kubelet shared certificate mode will be removed and the related interface will be deprecated.
  2. At the same time, in the process of using the current OpenYurt version, the system prompts the user that the certificate sharing with kubelet is no longer supported in the later version.

Why is this needed:

  1. Certificate rotation problem may occur when Yurthub shares certificates with Kubelet
    When Yurthub shares a certificate with Kubelet, if the Kubelet certificate expires during the cloud-side disconnection, yurthub that shares the kubelet certificate will also not work. In this case, Kubelet cannot update the node certificate through Yurthub. For this reason, Yurthub proposes its own certificate management mode, hubself (The related PR is here).

  2. In ordinary use, users are not aware of the option to share with kubelet certificates:
    At present, the default certificate mode of Yurthub is hubself mode, which is also the certificate management mode recommended by the community. From the perspective of users, when using yurtctl to convert Kubernetes cluster or nodes, adding nodes to OpenYurt cluster, the hubself certificate management mode is used default. Users are not aware of the kubelet sharing mode unless they manually deploy or change Yurthub.

Due to the above two main reasons, and in order to avoid users' confusion about these two modes, can we gradually stop the maintenance and support of the mode of Yurthub sharing kubelet certificate, and delete this mode in the future version?
@qclc qclc added the kind/question kind/question label Nov 11, 2021
@rambohe-ch
Copy link
Member

@qclc Thank you for raising issue.
There are literally no users using kubelet mode, so i agree with you that remove kubelet certificate mode from yurthub.

@rambohe-ch
Copy link
Member

@qclc would you can take over and remove kubelet mode from yurthub?

@qclc
Copy link
Member Author

qclc commented Nov 11, 2021

@qclc would you can take over and remove kubelet mode from yurthub?

Yes, I am willing to take over and remove kubelet mode from yurthub.

@qclc qclc mentioned this issue Nov 12, 2021
Merged
6 tasks
@qclc qclc mentioned this issue Nov 30, 2021
Merged
@Congrool Congrool mentioned this issue Jul 3, 2022
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
kind/question kind/question
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

deprecate kubelet certificate management mode qclc/openyurt
2 participants
@qclc @rambohe-ch