mirror of https://github.com/k3s-io/k3s
7555dec82e
The client cert manager uses the most recent cert to request new certificates. If that certificate is expired, it will be unable to complete new CSR requests. This commit alters the manager to force process exit if no further client cert rotation is possible, which is expected to trigger a restart of the kubelet and either a re-bootstrap from the bootstrap kubeconfig or a re-read of the current disk state (assuming that some other agent is managing the bootstrap configuration). This prevents the Kubelet from wedging in a state where it cannot make API calls. |
||
|---|---|---|
| .. | ||
| bootstrap | ||
| BUILD | ||
| OWNERS | ||
| kubelet.go | ||
| transport.go | ||
| transport_test.go | ||