Skip to content

Commit 1b12bb9

Browse files
tibetsamneolit123
tibetsam
and
neolit123
authored
remove usage of the "certificates" API for cert renewal (#26841)
* remove usage of the "certificates" API for cert renewal "--use-api" option is removed from kubeadm alpha certs renew command since k8s 1.19 * Update kubeadm-certs.md * Update content/en/docs/tasks/administer-cluster/kubeadm/kubeadm-certs.md Co-authored-by: Lubomir I. Ivanov <[email protected]> Co-authored-by: Lubomir I. Ivanov <[email protected]>
1 parent 70dd147 commit 1b12bb9

File tree

1 file changed

+1
-30
lines changed

1 file changed

+1
-30
lines changed

content/en/docs/tasks/administer-cluster/kubeadm/kubeadm-certs.md

Lines changed: 1 addition & 30 deletions
Original file line numberDiff line numberDiff line change
@@ -170,36 +170,7 @@ controllerManager:
170170

171171
### Create certificate signing requests (CSR)
172172

173-
You can create the certificate signing requests for the Kubernetes certificates API with `kubeadm certs renew --use-api`.
174-
175-
If you set up an external signer such as [cert-manager](https://github.com/jetstack/cert-manager), certificate signing requests (CSRs) are automatically approved.
176-
Otherwise, you must manually approve certificates with the [`kubectl certificate`](/docs/setup/best-practices/certificates/) command.
177-
The following kubeadm command outputs the name of the certificate to approve, then blocks and waits for approval to occur:
178-
179-
```shell
180-
sudo kubeadm certs renew apiserver --use-api &
181-
```
182-
The output is similar to this:
183-
```
184-
[1] 2890
185-
[certs] certificate request "kubeadm-cert-kube-apiserver-ld526" created
186-
```
187-
188-
### Approve certificate signing requests (CSR)
189-
190-
If you set up an external signer, certificate signing requests (CSRs) are automatically approved.
191-
192-
Otherwise, you must manually approve certificates with the [`kubectl certificate`](/docs/setup/best-practices/certificates/) command. e.g.
193-
194-
```shell
195-
kubectl certificate approve kubeadm-cert-kube-apiserver-ld526
196-
```
197-
The output is similar to this:
198-
```shell
199-
certificatesigningrequest.certificates.k8s.io/kubeadm-cert-kube-apiserver-ld526 approved
200-
```
201-
202-
You can view a list of pending certificates with `kubectl get csr`.
173+
See [Create CertificateSigningRequest](https://kubernetes.io/docs/reference/access-authn-authz/certificate-signing-requests/#create-certificatesigningrequest) for creating CSRs with the Kubernetes API.
203174

204175
## Renew certificates with external CA
205176

0 commit comments

Comments
 (0)