kubernetes
/
website
mirror of https://github.com/kubernetes/website.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

kubeadm: add note about a bug in the PublicKeysECDSA FG 

The PublicKeysECDSA has been poorly tested and supported and
apparently it had a bug where keys in kubeconfig files were
using RSA even if the FG was true.

Add note about that in the FG section of the kubeadm init doc.
pull/46795/head
Lubomir I. Ivanov 2024-06-12 12:32:22 +03:00
parent d49f82322d
commit a493517449
1 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
content/en/docs/reference/setup-tools/kubeadm/kubeadm-init.md
View File

@ -174,7 +174,9 @@ as a learner and promoted to a voting member only after the etcd data are fully
`PublicKeysECDSA`
: Can be used to create a cluster that uses ECDSA certificates instead of the default RSA algorithm.
Renewal of existing ECDSA certificates is also supported using `kubeadm certs renew`, but you cannot
switch between the RSA and ECDSA algorithms on the fly or during upgrades.
switch between the RSA and ECDSA algorithms on the fly or during upgrades. Kubernetes
{{< skew currentVersion >}} has a bug where keys in generated kubeconfig files are set use RSA
despite the feature gate being enabled.
`RootlessControlPlane`
: Setting this flag configures the kubeadm deployed control plane component static Pod containers