bootkube replacement: split k8s.secrets into multiple resources #3062

smira · 2021-01-29T12:35:13Z

Split into resources by usage:

etcd certs
root k8s CAs
generated k8s certs

Intermediate secret material config resource to prevent cert regeneration without any real changes

Fixes siderolabs#3062 There's no user-visible change in this PR. It carefully separates generated secrets (e.g. certs) from source secrets from the config (e.g. CAs), so that certs are generated on config changes which actually affect cert input. And same way separates etcd and Kubernetes PKI, so if etcd CA got changed, only etcd certs will be regenerated. This should have noticeable impact with RSA-based PKI as it reduces number of times PKI gets generated. Signed-off-by: Andrey Smirnov <smirnov.andrey@gmail.com>

Fixes #3062 There's no user-visible change in this PR. It carefully separates generated secrets (e.g. certs) from source secrets from the config (e.g. CAs), so that certs are generated on config changes which actually affect cert input. And same way separates etcd and Kubernetes PKI, so if etcd CA got changed, only etcd certs will be regenerated. This should have noticeable impact with RSA-based PKI as it reduces number of times PKI gets generated. Signed-off-by: Andrey Smirnov <smirnov.andrey@gmail.com>

smira self-assigned this Feb 17, 2021

smira mentioned this issue Feb 18, 2021

refactor: split kubernetes/etcd resource generation into subresources #3180

Merged

talos-bot closed this as completed in #3180 Feb 19, 2021

github-actions bot locked as resolved and limited conversation to collaborators Jun 27, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

bootkube replacement: split k8s.secrets into multiple resources #3062

bootkube replacement: split k8s.secrets into multiple resources #3062

smira commented Jan 29, 2021

bootkube replacement: split k8s.secrets into multiple resources #3062

bootkube replacement: split k8s.secrets into multiple resources #3062

Comments

smira commented Jan 29, 2021