Skip to content

Commit 4a9a465

Browse files
k8s-ci-robotk8s-ci-robot
authored
Merge pull request #588 from Kartik494/ValidateWebhook
Update CertificateSigningRequest apiversion to V1
2 parents 0a8fc62 + f8992bb commit 4a9a465

File tree

1 file changed

+3
-2
lines changed

1 file changed

+3
-2
lines changed

deploy/kubernetes/webhook-example/create-cert.sh

Lines changed: 3 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -72,21 +72,22 @@ DNS.3 = ${service}.${namespace}.svc
7272
EOF
7373

7474
openssl genrsa -out ${tmpdir}/server-key.pem 2048
75-
openssl req -new -key ${tmpdir}/server-key.pem -subj "/CN=${service}.${namespace}.svc" -out ${tmpdir}/server.csr -config ${tmpdir}/csr.conf
75+
openssl req -new -key ${tmpdir}/server-key.pem -subj "/CN=system:node:${service}.${namespace}.svc;/O=system:nodes" -out ${tmpdir}/server.csr -config ${tmpdir}/csr.conf
7676

7777
# clean-up any previously created CSR for our service. Ignore errors if not present.
7878
kubectl delete csr ${csrName} 2>/dev/null || true
7979

8080
# create server cert/key CSR and send to k8s API
8181
cat <<EOF | kubectl create -f -
82-
apiVersion: certificates.k8s.io/v1beta1
82+
apiVersion: certificates.k8s.io/v1
8383
kind: CertificateSigningRequest
8484
metadata:
8585
name: ${csrName}
8686
spec:
8787
groups:
8888
- system:authenticated
8989
request: $(cat ${tmpdir}/server.csr | base64 | tr -d '\n')
90+
signerName: kubernetes.io/kubelet-serving
9091
usages:
9192
- digital signature
9293
- key encipherment

0 commit comments

Comments
 (0)