cockroach-k8s-request-cert still uses k8s.io/api/certificates/v1beta1 which has been deprecated in Kubernetes v1.22
diogokiss opened this issue · comments
Description
The code for the Docker image used in the example for setting up an application that needs a TLS client certificate to connect to CRDB running in Kubernetes still references a deprecated version of a Kubernetes API (k8s.io/api/certificates/v1beta1).
Related
#239
Symptom
This causes the following error in Kubernetes v1.22.
+ /request-cert '-namespace=edge-connect' '-certs-dir=/cockroach-certs' '-type=client' '-user=root' '-symlink-ca-from=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt'
2022/06/13 12:38:34 Looking up cert and key under secret edge-connect.client.root
W0613 12:38:34.900090 1 client_config.go:529] Neither --kubeconfig nor --master was specified. Using the inClusterConfig. This might not work.
2022/06/13 12:38:34 Secret edge-connect.client.root not found, sending CSR
Sending create request: edge-connect.client.root for
2022/06/13 12:38:34 failed to get certificate: CertificateSigningRequest.Create(edge-connect.client.root) failed: the server could not find the requested resource
Possible solution
Upgrade the code to use k8s.io/api/certificates/v1 instead.
Hi @diogokiss!
The operator comes with its own example for connecting to a cluster.
Could you point us to where you found the original link so we can ensure that it's updated to the correct yaml file?
Fair enough. I might have found it by Googling.
And, of course, apologies for the 5 months delay in responding to this. 😞