Greetings from one of your friendly SIG K8s Infra TLs!
tl;dr You can stop reading unless some part of your workflow involves issuing certificates for kubernetes.io or k8s.io.
This morning we deployed a CAA record [1] for kubernetes.io [2]. Essentially this means no CA other than the ones we have specified is allowed to issue certificates for kubernetes.io or any of its subdomains.
We plan on letting this soak for O(weeks) before doing the same for k8s.io.
If this has broken some part of your workflow, or is going to break your workflow, please reach out to us on this thread, or in #sig-k8s-infra on kubernetes.slack.com.
- aaron
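
To check ahead of time whether a given CA would still be allowed to issue for a name under kubernetes.io, the following added example (not part of the original message, and not SIG K8s Infra code) walks the RFC 8659 lookup a CA performs: climb from the requested name toward the root, take the first non-empty CAA RRset, and match the `issue`/`issuewild` properties. DNS queries are replaced by a constructed dictionary; the CA names and the `sandbox` and `wild` subdomains are placeholders, not the records actually deployed.

```python
# Constructed CAA data; CA names and the "sandbox"/"wild" subdomains are placeholders.
ZONE = {
    "kubernetes.io": [(0, "issue", "ca-one.example"),
                      (0, "issue", "ca-two.example; account=123")],
    "sandbox.kubernetes.io": [(0, "issue", ";")],          # forbid all issuance
    "wild.kubernetes.io": [(0, "issue", "ca-one.example"),
                           (0, "issuewild", "ca-two.example")],
}
KNOWN_TAGS = {"issue", "issuewild", "iodef"}


def relevant_rrset(fqdn, zone=ZONE):
    """Climb from fqdn toward the root; return (owner, first non-empty CAA RRset)."""
    labels = fqdn.rstrip(".").lower().split(".")
    if labels[0] == "*":            # a wildcard request is looked up at its base name
        labels = labels[1:]
    for i in range(len(labels)):
        owner = ".".join(labels[i:])
        if zone.get(owner):
            return owner, zone[owner]
    return None, []


def issuer_domain(value):
    """Strip parameters: 'ca.example; account=1' -> 'ca.example', ';' -> ''."""
    return value.split(";", 1)[0].strip().lower()


def may_issue(ca, fqdn, zone=ZONE):
    """True if CAA permits `ca` to issue for fqdn (RFC 8659 processing)."""
    _, rrset = relevant_rrset(fqdn, zone)
    if not rrset:
        return True                 # no CAA on the name or any ancestor: unrestricted
    if any(flags & 0x80 and tag.lower() not in KNOWN_TAGS for flags, tag, _ in rrset):
        return False                # unrecognised critical property: refuse
    issue = [v for _, t, v in rrset if t.lower() == "issue"]
    issuewild = [v for _, t, v in rrset if t.lower() == "issuewild"]
    props = issuewild if fqdn.startswith("*.") and issuewild else issue
    if not props:
        return True                 # RRset carries no applicable issue property
    return any(issuer_domain(v) == ca.lower() for v in props)
```

In this constructed data k8s.io has no CAA record, so every CA is still permitted there, while a subdomain that publishes its own CAA RRset overrides the one inherited from kubernetes.io.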