Certificate signer on CDK


#1

My goal is to write a MutatingAdmissionWebhook and I need to create a TLS certificate signed by the Kubernetes CA. By default the CDK does not seem to have a certificate signer set up and I’m wondering how I best go about this. It seems that I need 2 extra config parameters, which I can set with controller-manager-extra-args, namely --cluster-signing-cert-file and --cluster-signing-key-file. But I’m not sure what values these should get. Can anyone point me in the right direction to set this up?


#2

I got it working by copying the ca.key from the easyrsa lxd container to the kubernetes-master unit and saving it in /root/cdk.

After this I ran the juju config command:
juju config kubernetes-master "controller-manager-extra-args=cluster-signing-cert-file=/root/cdk/ca.crt cluster-signing-key-file=/root/cdk/ca.key"
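
A pre-flight check for the copied files, as an added example that is not part of the original thread: it confirms that the certificate is a CA certificate, that it matches the private key, and that the key is not readable by group or others, before the signing flags are pointed at them. It assumes openssl and GNU stat are present on the kubernetes-master unit; the function name and script name are hypothetical.

```shell
#!/bin/sh
# Added example: sanity-check a CA cert/key pair before pointing
# kube-controller-manager's cluster-signing-* flags at it.
# Assumes openssl and GNU stat (as on an Ubuntu kubernetes-master unit).

check_signing_pair() {
    cert=$1
    key=$2

    [ -r "$cert" ] || { echo "cannot read certificate: $cert" >&2; return 1; }
    [ -r "$key" ]  || { echo "cannot read key: $key" >&2; return 1; }

    # This is the cluster CA private key: no group/other access allowed.
    mode=$(stat -c '%a' "$key") || return 1
    case "$mode" in
        0|*00) ;;
        *) echo "key mode $mode is too permissive (want 600 or 400)" >&2
           return 1 ;;
    esac

    # The signer must be a CA certificate.
    openssl x509 -in "$cert" -noout -text | grep -q 'CA:TRUE' \
        || { echo "certificate is not a CA (no CA:TRUE)" >&2; return 1; }

    # Certificate and key must carry the same public key.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$key" -pubout) || return 1
    [ "$cert_pub" = "$key_pub" ] \
        || { echo "certificate and key do not match" >&2; return 1; }

    echo "ok: $cert and $key are a matching CA pair"
}

# Usage (hypothetical script name):
#   sh check-signing-pair.sh /root/cdk/ca.crt /root/cdk/ca.key
if [ "$#" -eq 2 ]; then
    check_signing_pair "$1" "$2"
fi
```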