[NOTICE] CAA records for kubernetes.io today, k8s.io later

Skip to first unread message

Aaron Crickenberger

Sep 30, 2021, 11:13:57 AMSep 30
to Kubernetes Dev, kubernetes-s...@googlegroups.com
Greetings from one of your friendly SIG K8s Infra TLs!

tl;dr You can stop reading unless some part of your workflow involves issuing certificates for kubernetes.io or k8s.io

This morning we deployed a CAA record [1] for kubernetes.io [2].  Essentially this means no CA other than the ones we have specified are allowed to issue certificates for kubernetes.io or any of its subdomains.

We plan on letting this soak for O(weeks) before doing the same for k8s.io

If this has broken some part of your workflow, or is going to break your workflow, please reach out to us on this thread, or in #sig-k8s-infra on kubernetes.slack.com.

- aaron

Reply all
Reply to author
0 new messages