[METRICS-SERVER] New kubelet-certificate-authority flag available (v0.3.2)

[luarx]

1. Describe IN DETAIL the feature/behavior/change you would like to see.
Don't use kubelet-insecure-tls flag by default in https://github.com/kubernetes/kops/blob/master/addons/metrics-server/v1.8.x.yaml because of security reasons.

Maybe using the new --kubelet-certificate-authority flag this could be done.

2. Feel free to provide a design supporting your feature request.
This should be changed here https://github.com/kubernetes/kops/blob/master/addons/metrics-server/v1.8.x.yaml

[fejta-bot]

Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.

If this issue is safe to close now please do so with /close.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/lifecycle stale

[Symbianx]

I'm trying to use this new flag on my deployment. However I'm struggling to find the CA that signs the kubelet certificates. Do you know where that is?

[luarx]

Check kubelet process that is running, sometimes it has specified the CA file as a flag

[Symbianx]

Our kubelet processes didn't specify it. After looking more into it, we found out each host had its own self signed CA for the kubelets. Is there any way to share a CA between all kubelets using kops?

[fejta-bot]

Stale issues rot after 30d of inactivity.
Mark the issue as fresh with /remove-lifecycle rotten.
Rotten issues close after an additional 30d of inactivity.

If this issue is safe to close now please do so with /close.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/lifecycle rotten

[fejta-bot]

Rotten issues close after 30d of inactivity.
Reopen the issue with /reopen.
Mark the issue as fresh with /remove-lifecycle rotten.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/close

[k8s-ci-robot]

@fejta-bot: Closing this issue.

In response to this:

Rotten issues close after 30d of inactivity.
Reopen the issue with /reopen.
Mark the issue as fresh with /remove-lifecycle rotten.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/close

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[Nilubkal]

/reopen

[k8s-ci-robot]

@Nilubkal: You can't reopen an issue/PR unless you authored it or you are a collaborator.

In response to this:

/reopen

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.