Tweets of November 30 2020
Even though everything mandates TLS in k8s/k3s there is no good answer to updating/rotating/distributing them??
Mon Nov 30 13:14:59 +0000 2020
Replying to @bboreham
looks too high level, i.e more focused on application getting certs not the lower level infra bits.
Mon Nov 30 13:22:51 +0000 2020
Replying to @bradfitz
ugh :(
Mon Nov 30 13:27:18 +0000 2020
Replying to @GuerillaNerd
I need to restart k3s for that too work \(at the correct time\). Also does that magically update the kubelet’s cert \(or mine virtual kubelet thing?\)
Mon Nov 30 14:31:54 +0000 2020
Replying to @tsaha
Oh!
Mon Nov 30 14:34:34 +0000 2020
Replying to @piper_jason and @bradfitz
I rather outsource this all to tailscale and use plain HTTP. But I can’t cause it’s all deeply embedded in client-go
Mon Nov 30 14:50:33 +0000 2020
Replying to @bradfitz and @piper_jason
hmm.... I got a nagging feeling that only solves half of my woos
Mon Nov 30 15:03:55 +0000 2020
Replying to @Itsuugo
that’s seems to operate above the infrastructure tooling