certificates default to tolerate no key encipherment

2025-07-29 22:46:12 +00:00 · 2022-08-03 16:39:55 +08:00 · 2022-08-03 16:39:55 +08:00 · 3ace3eb74b
commit 3ace3eb74b
parent 685d639cb5
1 changed files with 2 additions and 2 deletions
--- a/pkg/apis/certificates/v1beta1/defaults.go
+++ b/pkg/apis/certificates/v1beta1/defaults.go
@ -56,9 +56,9 @@ func DefaultSignerNameFromSpec(obj *certificatesv1beta1.CertificateSigningReques
 		// Set the signerName to 'legacy-unknown' as the CSR could not be
 		// recognised.
 		return certificatesv1beta1.LegacyUnknownSignerName
-	case IsKubeletClientCSR(csr, obj.Usages, false):
+	case IsKubeletClientCSR(csr, obj.Usages, true):
 		return certificatesv1beta1.KubeAPIServerClientKubeletSignerName
-	case IsKubeletServingCSR(csr, obj.Usages, false):
+	case IsKubeletServingCSR(csr, obj.Usages, true):
 		return certificatesv1beta1.KubeletServingSignerName
 	default:
 		return certificatesv1beta1.LegacyUnknownSignerName