Automating CA certificate rotation

[csengerszabo]

Description of the feature you would like to add / User story

As a KubeOne cluster admin I would like to rotate the CA certificates in an automated way in order not to do risky manual process.

Solution details

• A CLI feature in KubeOne that does a rotation of CA certificates in a fully automated way without human interaction

Alternative approaches

• Using a VPN or reverse proxy to control admission to the cluster with an external wall
• Manual rotation of CA certificates in Kubernetes. But it is risky, as many things could go wrong.

Use cases

• Colleague leaves the company and we'd like to ensure if they won't reach the cluster anymore.

Additional information

• Steps of Manual rotation of CA certificates in Kubernetes