kubernetes: ECDSA not supported for CA

Hi,

I tried to do this PKI configuration and it didn’t work until I switched the CA cert algorithm to RSA.

  • This doesn’t work:
      Root CA: ECDSA-521
      Intermediate CA: ECDSA-521
      API Server Certificate: RSA-2048
  • This works instead:
      Root CA: RSA-4096
      Intermediate CA: RSA-4096
      API Server Certificate: RSA-2048

Is ECDSA unsupported?

Thanks,

About this issue

  • State: closed
  • Created 8 years ago
  • Comments: 15 (7 by maintainers)

Most upvoted comments

Deleting the stale service account tokens and letting the controller manager regenerate them should be sufficient. If you don’t have other secrets you care about, you can do a blanket delete of ALL secrets (kubectl delete secrets --all-namespaces).

If you do have other secrets you want to preserve, you’ll likely need to do a fieldSelector of “type=kubernetes.io/service-account-token” to limit which secrets you want to delete.
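
The scoped deletion described in the comment above, as an added example that is not part of the original thread: it lists the service account token secrets first, then deletes only those, so other secret types are left alone. The KUBECTL override variable and the function names are assumptions made for illustration.

```shell
# Added example, not from the thread. KUBECTL is an override hook (assumption)
# so the commands can be pointed at a wrapper; it defaults to plain kubectl.
KUBECTL="${KUBECTL:-kubectl}"

# Only secrets of this type are touched; Opaque, TLS and registry secrets stay.
SA_TOKEN_SELECTOR='type=kubernetes.io/service-account-token'

# Print "namespace name" for every service account token secret in the cluster.
list_sa_token_secrets() {
  "$KUBECTL" get secrets --all-namespaces \
    --field-selector "$SA_TOKEN_SELECTOR" \
    -o custom-columns=NS:.metadata.namespace,NAME:.metadata.name \
    --no-headers
}

# Usage: rotate_sa_tokens preview|apply
# preview only lists; apply deletes exactly the secrets that preview lists,
# after which the controller manager regenerates them.
rotate_sa_tokens() {
  case "${1:-preview}" in
    preview)
      list_sa_token_secrets
      ;;
    apply)
      list_sa_token_secrets | while read -r ns name; do
        [ -n "$name" ] || continue          # skip blank lines
        "$KUBECTL" delete secret --namespace "$ns" "$name"
      done
      ;;
    *)
      echo "usage: rotate_sa_tokens preview|apply" >&2
      return 2
      ;;
  esac
}
```

Run `rotate_sa_tokens preview` and check the list before running `rotate_sa_tokens apply`.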