Frederik Weber

@neolit123 Thank you very much for your fast response and the clarifications. If i understand it correctly, the issue https://github.com/kubernetes/kubernetes/issues/80063 is more about mapping the hole PKI dir into the...

> i'm not so sure about this and i haven't tried it. my understanding is that if the server no longer has self-signed certificates this means that it would reject...

> i'd say, at minimum it would be worthy of a enhancement proposal (KEP): > https://github.com/kubernetes/enhancements/tree/master/keps Would it be okay for you if I'd start the process?

What if the kube-scheduler and kube-controller-manager would manage their front facing server certificate with the `certificates.k8s.io` API? There would need to be a new controller to automatically sign the CSRs....

I just double checked it. The problem seems to be, that the scheduler does not provide a clean error message if not properly authenticated. If you authenticate against the /metrics...

Hi @dopey Thank you very much for the quick response. It is possible on the step-certificate (step-ca) side to omit the encryptedKey but AFAIK not on the step-issuer side inside...

Added the ability to change the default text

Is there any update on this? The Portal still seems to use the Beta endpoint. What is the recommended way for automating these parts over an API? Does Microsoft recommend...