From 21c1aed4fd3636906e1f36ca01b5f6d94fec6bbd Mon Sep 17 00:00:00 2001 From: Anton Gilgur Date: Sun, 16 Apr 2023 14:12:42 -0400 Subject: [PATCH] docs(release): add note to 1.22 about the CA CN rename - this broke some of my teams' automation code that relied on the CN, so thought it would be good to call out in case anyone else stumbles upon this in order to not spend a few hours debugging - this change may particularly impact Prod environments, where the cluster has not been rebuilt in some time (years), and so they will have the old CN while new clusters in lower environments will have the new CN - so code that relies on the CN may unexpectedly break Production while working fine in lower environments - fortunately we caught this in our QA env, but it passed Dev fine --- docs/releases/1.22-NOTES.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/docs/releases/1.22-NOTES.md b/docs/releases/1.22-NOTES.md index 63c1d085a0d2a..2eb9a4eb757fc 100644 --- a/docs/releases/1.22-NOTES.md +++ b/docs/releases/1.22-NOTES.md @@ -163,6 +163,9 @@ For file assets, it means adding an explicit path as shown below: The previous behavior of using self-signed certs may be restored by setting `kubeControllerManager.tlsCertFile` and/or `kubeScheduler.tlsCertFile` to `""` in the cluster spec. +* kOps has changed the CN of the Kubernetes general CA from `kubernetes` to `kubernetes-ca`. + This change is backward-compatible, but if you were relying on the CN for some code, you will need to ensure it is compatible with both the old name and the new name as you may have older clusters with the old CN and newer clusters with the new CN. + * Cilium now supports the wireguard protocol for transparent encryption.