Document cluster-info ConfigMap; document cluster CA Certificate renewal

[daddy-joseph97]

I haven't seen anywhere if a tool updates cluster-info. In fact, 'cluster-info' seems magical and undocumented so that after days of failure in adding a non-master worker node I eventually found a kind soul who knew of the problem. Please graciously consider documenting this apparently critical file along with the kubectl join documentation and also including here in the info regarding renewing the cluster CA and other certificates.

[k8s-ci-robot]

This issue is currently awaiting triage.

SIG Docs takes a lead on issue triage for this website, but any Kubernetes member can accept issues by applying the triage/accepted label.

The triage/accepted label can be added by org members by writing /triage accepted in a comment.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[dipesh-rawat]

Page initially included as part of issue: https://kubernetes.io/docs/tasks/administer-cluster/kubeadm/kubeadm-certs/
/language en

[dipesh-rawat]

/retitle Document 'cluster-info' and Cluster CA Certificate renewal

[neolit123]

I haven't seen anywhere if a tool updates cluster-info. In fact, 'cluster-info' seems magical and undocumented so that after days of failure in adding a non-master worker node I eventually found a kind soul who knew of the problem. Please graciously consider documenting this apparently critical file along with the kubectl join documentation and also including here in the info regarding renewing the cluster CA and other certificates.

cluster-info is actually not kubeadm specific. same goes for bootstrap tokens.
note that most users don't need to know it exists.
it is not clear what failures you had exactly, but overall i do not object to have more information about cluster-info at k/website.

the configmap is documented here:
https://kubernetes.io/docs/reference/access-authn-authz/bootstrap-tokens/

this page has cluster-info CA rotation mentioned:
https://kubernetes.io/docs/tasks/tls/manual-rotation-of-ca-certificates/

this page can include a basic note that kubeadm uses cluster-info for bootstrap with bootstrap tokens.
https://kubernetes.io/docs/reference/setup-tools/kubeadm/implementation-details/

similar note can be added here:
https://kubernetes.io/docs/reference/setup-tools/kubeadm/kubeadm-join/

[neolit123]

Page initially included as part of issue: https://kubernetes.io/docs/tasks/administer-cluster/kubeadm/kubeadm-certs/ /language en

maybe we shouldn't update this page.

[neolit123]

/sig auth cluster-lifecycle

@daddy-joseph97 (or someone else) if you are willing to send a PR, help is appreciated.

[Gauravpadam]

I haven't seen anywhere if a tool updates cluster-info. In fact, 'cluster-info' seems magical and undocumented so that after days of failure in adding a non-master worker node I eventually found a kind soul who knew of the problem. Please graciously consider documenting this apparently critical file along with the kubectl join documentation and also including here in the info regarding renewing the cluster CA and other certificates.

cluster-info is actually not kubeadm specific. same goes for bootstrap tokens. note that most users don't need to know it exists. it is not clear what failures you had exactly, but overall i do not object to have more information about cluster-info at k/website.

the configmap is documented here: https://kubernetes.io/docs/reference/access-authn-authz/bootstrap-tokens/

this page has cluster-info CA rotation mentioned: https://kubernetes.io/docs/tasks/tls/manual-rotation-of-ca-certificates/

this page can include a basic note that kubeadm uses cluster-info for bootstrap with bootstrap tokens. https://kubernetes.io/docs/reference/setup-tools/kubeadm/implementation-details/

similar note can be added here: https://kubernetes.io/docs/reference/setup-tools/kubeadm/kubeadm-join/

Hello,
I'd like to assign this issue to myself , I'll add the note to the links as mentioned above

[Gauravpadam]

/assign

[sftim]

Issue #30575 covers the process for updating TLS certificates and keys (not yet documented)

We ie, you) could update this issue to describe what to document around cluster-info @daddy-joseph97; would that suit you?

[sftim]

/retitle Document cluster-info ConfigMap; document cluster CA Certificate renewal

[stlaz]

/close

The configmap appears to be documented in https://kubernetes.io/docs/reference/access-authn-authz/bootstrap-tokens/#configmap-signing.
Since the reporter did not reply about what exactly they would like improved, I'm closing this issue.

[k8s-ci-robot]

@stlaz: Closing this issue.

In response to this:

/close

The configmap appears to be documented in https://kubernetes.io/docs/reference/access-authn-authz/bootstrap-tokens/#configmap-signing.
Since the reporter did not reply about what exactly they would like improved, I'm closing this issue.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.