mirror of
https://github.com/siderolabs/talos.git
synced 2025-10-09 06:31:25 +02:00
If kubelet is configured to issue certificates from the control plane, `/var/lib/kubelet/pki/kubelet.crt` file is never created, and cluster CA can be used to verify the TLS connection.

Use k8s `RESTClient` instead of a custom client, this also results in much more descriptive error messages if API call fails.

Fix a problem in apid on worker nodes with issued serving certificates: `/var/lib/kubelet/pki` doesn't exist by the time `apid` starts.

First write static pods, then try to build kubelet client: for issued serving kubelet certificates, control plane should be up first.

Signed-off-by: Andrey Smirnov <smirnov.andrey@gmail.com>
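The trust-root choice the commit message describes, as an added Go example that is not code from the Talos repository. The helper name `kubeletCABundle`, the preference for an existing `kubelet.crt`, and the command-line arguments are assumptions made for illustration.

```go
package main
import (
	"crypto/tls"
	"crypto/x509"
	"errors"
	"fmt"
	"io/fs"
	"log"
	"os"
	"path/filepath"
)

// kubeletCABundle (hypothetical helper) returns the PEM bundle to trust for the kubelet and its source.
func kubeletCABundle(pkiDir string, clusterCA []byte) ([]byte, string, error) {
	pem, err := os.ReadFile(filepath.Join(pkiDir, "kubelet.crt"))
	switch {
	case err == nil:
		// Self-signed serving certificate exists: pin it.
		return pem, "kubelet.crt", nil
	case errors.Is(err, fs.ErrNotExist):
		// File or whole pki directory absent (issued serving certificates): use the cluster CA.
		if len(clusterCA) == 0 {
			return nil, "", errors.New("kubelet.crt absent and no cluster CA supplied")
		}
		return clusterCA, "cluster-ca", nil
	default:
		// Permission or I/O error: fail closed rather than fall back silently.
		return nil, "", fmt.Errorf("reading kubelet.crt: %w", err)
	}
}

func main() {
	if len(os.Args) != 3 {
		log.Fatal("usage: prog <kubelet-pki-dir> <cluster-ca.pem>")
	}
	ca, err := os.ReadFile(os.Args[2])
	if err != nil {
		log.Fatal(err)
	}
	bundle, src, err := kubeletCABundle(os.Args[1], ca)
	if err != nil {
		log.Fatal(err)
	}
	pool := x509.NewCertPool()
	if !pool.AppendCertsFromPEM(bundle) {
		log.Fatalf("%s holds no parsable certificate", src)
	}
	cfg := &tls.Config{RootCAs: pool, MinVersion: tls.VersionTLS12}
	fmt.Printf("kubelet TLS roots from %s (min TLS version 0x%04x)\n", src, cfg.MinVersion)
}
```

The `fs.ErrNotExist` branch also covers a `pki` directory that has not been created yet, while any other read error aborts instead of silently changing the trust root.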