From 56e0a571c00069148603d0e1e6b107a655cdcc24 Mon Sep 17 00:00:00 2001 From: Jordan Liggitt Date: Fri, 27 Jul 2018 16:03:50 -0400 Subject: [PATCH] Move kubelet serving cert rotation to beta --- cmd/kubelet/app/options/options.go | 2 +- pkg/features/kube_features.go | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/cmd/kubelet/app/options/options.go b/cmd/kubelet/app/options/options.go index bdf81990c66..0e9e478f97a 100644 --- a/cmd/kubelet/app/options/options.go +++ b/cmd/kubelet/app/options/options.go @@ -478,7 +478,7 @@ func AddKubeletConfigFlags(mainfs *pflag.FlagSet, c *kubeletconfig.KubeletConfig "If --tls-cert-file and --tls-private-key-file are not provided, a self-signed certificate and key "+ "are generated for the public address and saved to the directory passed to --cert-dir.") fs.StringVar(&c.TLSPrivateKeyFile, "tls-private-key-file", c.TLSPrivateKeyFile, "File containing x509 private key matching --tls-cert-file.") - fs.BoolVar(&c.ServerTLSBootstrap, "rotate-server-certificates", c.ServerTLSBootstrap, " Auto request and rotate the kubelet serving certificates by requesting new certificates from the kube-apiserver when the certificate expiration approaches. Requires the RotateKubeletServerCertificate feature gate to be enabled.") + fs.BoolVar(&c.ServerTLSBootstrap, "rotate-server-certificates", c.ServerTLSBootstrap, "Auto-request and rotate the kubelet serving certificates by requesting new certificates from the kube-apiserver when the certificate expiration approaches. Requires the RotateKubeletServerCertificate feature gate to be enabled, and approval of the submitted CertificateSigningRequest objects.") tlsCipherPossibleValues := flag.TLSCipherPossibleValues() fs.StringSliceVar(&c.TLSCipherSuites, "tls-cipher-suites", c.TLSCipherSuites, diff --git a/pkg/features/kube_features.go b/pkg/features/kube_features.go index 855ede1066d..b89dce9967b 100644 --- a/pkg/features/kube_features.go +++ b/pkg/features/kube_features.go @@ -69,6 +69,7 @@ const ( // owner: @mikedanese // alpha: v1.7 + // beta: v1.12 // // Gets a server certificate for the kubelet from the Certificate Signing // Request API instead of generating one self signed and auto rotates the @@ -359,7 +360,7 @@ var defaultKubernetesFeatureGates = map[utilfeature.Feature]utilfeature.FeatureS ExperimentalCriticalPodAnnotation: {Default: false, PreRelease: utilfeature.Alpha}, DevicePlugins: {Default: true, PreRelease: utilfeature.Beta}, TaintBasedEvictions: {Default: false, PreRelease: utilfeature.Alpha}, - RotateKubeletServerCertificate: {Default: false, PreRelease: utilfeature.Alpha}, + RotateKubeletServerCertificate: {Default: true, PreRelease: utilfeature.Beta}, RotateKubeletClientCertificate: {Default: true, PreRelease: utilfeature.Beta}, PersistentLocalVolumes: {Default: true, PreRelease: utilfeature.Beta}, LocalStorageCapacityIsolation: {Default: true, PreRelease: utilfeature.Beta},