K
Q

Is it possible to set RotateCertificates to false in KubeletConfiguration

4/3/2020

I am trying to set RotateCertificates to false in the KubeletConfiguration of my kubadm.conf

This documentation suggests that it is possible: https://godoc.org/k8s.io/kubelet/config/v1beta1#KubeletConfiguration But when I run kubadm init the /var/lib/kubelet/config.yaml contain rotateCertificates: true

All I have found when searching for the source of the problem is the following code that seems to suggest that the value is hardcoded to true: https://github.com/kubernetes/kubernetes/blob/ff809a5d953ba778270ce8790b21d394821e1e28/cmd/kubeadm/app/componentconfigs/kubelet.go#L173

Is it possible to set RotateCertificates to false in kubernetes 1.18 or is it hardcoded? If it is possible to set it how does one do?

-- Gautier Berthou
kubernetes

Similar Questions

Minikube log rotation
Allow Kubernetes user list/get namespaces
Call external IP from kubernetes using Calico network
Does a Kubernetes POD with restart policy always have to be under the auspice of a controller to work?

1 Answer

4/6/2020

As far as I understand and checked in this github issue, it's hardcoded as true.

As @neolit123 mentioned in comments

yes, enforcing a value of true, for a kubelet boolean field for which we cannot determine if the user has set it explicitly to false or if the language defaulted a structure field to false.

this has to be fixed for kubelet v1beta2.

Additionally a commit note

A recent commit added warnings for KubeletConfiguration and KubeProxyConfiguration fields that kubeadm cares about and does not recommend the user modifying them. Kubelet's "rotateCertificates" cannot be handled using this function as there is not way to figure out if the user has set it explicitly to "false". Hardcode the value to "true" and add a comment about that.

-- jt97
Source: StackOverflow