Comments (4)
These certs should be the ones generated for serving the kubelet API, not the kubelet client certs.
See also #70 for how to fix this for the long term. Kip should generate its own certificates, not share and reuse existing kubelet certs. It should be pretty easy to fix, but it needs to go in node-cli, since the http server is set up via node-cli.
from kip.
These certs should be the ones generated for serving the kubelet API, not the kubelet client certs.
Thanks for clarifying, @ldx . By using /etc/kubelet-pki/kubelet-client-2020-05-05-06-52-14.pem
, i am essentially sharing one cert between kubelet where vk runs, and the virtual worker exposed by vk, right? Two followups:
- Is this the best workaround until #70 is fixed?
- If answer to above is yes, we would need to figure out a way to supply the right cert name (like
/etc/kubelet-pki/kubelet-client-2020-05-05-06-52-14.pem
) here and here in overlay files for GKE, right?
from kip.
kubelet-client-2020-05-05-06-52-14.pem is probably the client cert, for serving its API the kubelet uses the other cert (unless GKE has different naming conventions for the kubelet certs). I think the easiest way would be fixing it as suggested in #70
from kip.
This has been fixed via d99177f
from kip.
Related Issues (20)
- Add map of instance families that support running as dedicated hosts to instance selector
- Provisioning documentation and configuration for standing up a cluster that can run mac1 instances
- Implement instance selector back-pressure
- Make sure dedicated host is "available" before launching an instance onto it
- Make sure the Base AMI is ready for the VM template HOT 1
- Set all needed EBS params in RunInstance request
- Redundant Ticker HOT 1
- Implement GetDNSInfo for azure
- Document provider configuration for azure
- Fix parsing virtualNetwork name for azure
- Create azure VM cell image HOT 1
- KIP init-cert does not work on EKS 1.19
- updating pricing data for EC2 instances stopped working
- KIP does not support BoundServiceAccount Token Volume
- Terraform main.tf doesn't work with mac with apple m1 chip
- Add smoke test for GKE
- service account token missing in pod HOT 1
- failing container does not increase Restart count, and log content is unexpected
- issues deploying pods to kip provider in minikube
- Singularity support in KIP provider
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from kip.