Maintain-kubeusers is using certificates/v1beta1, it needs to be updated to certificates/v1 before updating to Kubernetes 1.22. As of T280300 the Python API bindings we were using unfortunately did not support that API yet.
|Open||None||T307651 Upgrade Toolforge Kubernetes to version 1.24|
|Open||None||T298005 Upgrade Toolforge Kubernetes to version 1.23|
|Open||None||T286856 Upgrade Toolforge Kubernetes to latest 1.22|
|Resolved||taavi||T286857 Update maintain-kubeusers to certificates/v1 api|
|Resolved||Bstorm||T289390 Certificate generation is broken in toolsbeta|
certificates/v1 comes with some interesting problems. For one, you need to include the singerName field or it yells at you. Usually, that's just signerName: kubernetes.io/kube-apiserver-client affect. However, I'm not getting a certificate out the other side when I do that in toolsbeta. I don't know if that's because toolsbeta is broken or something else.