You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
According to the vcluster cli source code, every time when we execute command vcluter connect <vcluster-name>, the vlcuster cli program will fetch the kubeconfig information from secrete, this secret is created after the vcluster pod is running.
And I checked the certificate inside of the kubeconfig (which is fetched out of the secret) , the certificate inside of this kubeconfig only last 1 year.
well, there is problem, what if someone create a vcluster, and it keeps running more than 1 year, and after that , he can't use vcluster connect <vcluster-name> any more. I mean according to the code , the vlcuster seems won't update the kubeconfig and certificate automaticly.
well , maybe I neglected some codes hava already done those work , if so ,please let me know !
Which solution do you suggest?
if this scenario does exist , we probably could add a sub command of vcluster cli , which will update the kubeconfig and certificate sotred in the secret.
maybe, there are some other better way to impliment this ? such as auto update the certificate inside of the sync progress or something else?
Which alternative solutions exist?
No response
Additional context
No response
The text was updated successfully, but these errors were encountered:
. If you want to ignore the certificate you can also do vcluster connect ... --insecure
Yes thanks for replying , I'v read this part of codes, and this function controllerutil.CreateOrPatch that you mentioned could be useful for create or update a object,.
basically,, inorder to avoid the certificate out of date, we need to impliment a fucntion in the vcluster it self , the function periodically sign a new certificate and update it into the secret before the certificate out-date.
am I right? did I get anything wrong?
Thanks for your replying again!!
Is your feature request related to a problem?
According to the vcluster cli source code, every time when we execute command
vcluter connect <vcluster-name>
, the vlcuster cli program will fetch the kubeconfig information from secrete, this secret is created after the vcluster pod is running.And I checked the certificate inside of the kubeconfig (which is fetched out of the secret) , the certificate inside of this kubeconfig only last 1 year.
well, there is problem, what if someone create a vcluster, and it keeps running more than 1 year, and after that , he can't use
vcluster connect <vcluster-name>
any more. I mean according to the code , the vlcuster seems won't update the kubeconfig and certificate automaticly.well , maybe I neglected some codes hava already done those work , if so ,please let me know !
Which solution do you suggest?
if this scenario does exist , we probably could add a sub command of vcluster cli , which will update the kubeconfig and certificate sotred in the secret.
maybe, there are some other better way to impliment this ? such as auto update the certificate inside of the sync progress or something else?
Which alternative solutions exist?
No response
Additional context
No response
The text was updated successfully, but these errors were encountered: