metrics-server icon indicating copy to clipboard operation
metrics-server copied to clipboard

Published 20 hours ago verified publisher icon kubernetes-sigs

Pass Kubelet certificate CA bundle as an argument

Open qdii opened this issue 2 years ago • 4 comments

What would you like to be added:

A new argument --kubelet-certificate-authority-text which allows the CA to be passed as an argument instead of as a path.

Why is this needed:

The current way to feed a CA to metrics-server is to use --kubelet-certificate-authority. This requires the certificate to be present in the metrics-server pod, which isn't easy to do in a persistent way using the Helm chart (maybe we could use extraVolumeMounts and a ad-hoc ConfigMap created for this purpose).

These additional steps makes securing the setup a little bit involved. The ability to simply pass the certificate would ease this.

/kind feature

qdii avatar Apr 29 '23 14:04 qdii

/triage accepted /assign @serathius

dgrisonnet avatar Jun 29 '23 16:06 dgrisonnet

@dgrisonnet I would like to give this a try if it no one has taken it up. Thanks!

csauoss avatar Jul 05 '24 03:07 csauoss

/assign @csauoss

serathius avatar Jul 05 '24 07:07 serathius

@serathius @dgrisonnet when you get a chance, can you please review #1516?

csauoss avatar Jul 15 '24 05:07 csauoss