Open
Labels
feature proposal
Description
Describe the solution you'd like
Allow selecting the CSR signature algorithm from a set of secure methods
Describe the user value of this feature
Some cloud providers (like Azure) don't offer ED25519 in all of their regions. Some regions like uksouth use Kubernetes' CA like:
```
Acceptable client certificate CA names
CN = ca
Requested Signature Algorithms: ECDSA+SHA256:RSA-PSS+SHA256:RSA+SHA256:ECDSA+SHA384:RSA-PSS+SHA384:RSA+SHA384:RSA-PSS+SHA512:RSA+SHA512:RSA+SHA1
Shared Requested Signature Algorithms: ECDSA+SHA256:RSA-PSS+SHA256:RSA+SHA256:ECDSA+SHA384:RSA-PSS+SHA384:RSA+SHA384:RSA-PSS+SHA512:RSA+SHA512
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits
```
Making the peering process unable to complete as controller-manager fails with:
```
E0319 09:27:14.514512 1 apiserverchecker.go:212] [blue-mgm-uksouth01] foreign API server readiness check failed: Get "https://[REDACTED].privatelink.uksouth.azmk8s.io:443/livez?timeout=32s": tls: peer doesn't support any of the certificate's signature algorithms
```
Being able to select another signature algorithm should let users install Liqo in clusters with this limitation.
Describe your proposed solution
No response
Do you volunteer to implement this feature?
- I want to implement this feature
Code of Conduct
- I agree to follow this project's Code of Conduct
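
The selection this issue asks for can be sketched as follows. This is an added example, not Liqo's code: `csrFor` and the key type labels `Ed25519`, `ECDSA-P256` and `RSA-2048` are hypothetical names, and the scheme list is the "Shared Requested Signature Algorithms" line quoted above. It walks a preference list, skips key types the peer's list does not cover, and signs a CSR with the first one that fits.

```go
package main

import (
	"crypto"
	"crypto/ecdsa"
	"crypto/ed25519"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"strings"
)

// sharedSigAlgs is the "Shared Requested Signature Algorithms" line from the issue.
const sharedSigAlgs = "ECDSA+SHA256:RSA-PSS+SHA256:RSA+SHA256:ECDSA+SHA384:RSA-PSS+SHA384:RSA+SHA384:RSA-PSS+SHA512:RSA+SHA512"

// csrFor (hypothetical helper) returns the first key type in preference that the peer's
// colon-separated list allows, plus a DER CSR signed by a fresh key of that type.
func csrFor(peerAlgs, cn string, preference ...string) (string, []byte, error) {
	has := func(s string) bool { return strings.Contains(":"+strings.ToUpper(peerAlgs)+":", ":"+s+":") }
	for _, kt := range preference {
		var key crypto.Signer
		var err error
		switch { // assumption: openssl-style names, Ed25519 listed as a bare entry
		case kt == "Ed25519" && has("ED25519"):
			_, key, err = ed25519.GenerateKey(rand.Reader)
		case kt == "ECDSA-P256" && has("ECDSA+SHA256"):
			key, err = ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
		case kt == "RSA-2048" && (has("RSA-PSS+SHA256") || has("RSA+SHA256")):
			key, err = rsa.GenerateKey(rand.Reader, 2048)
		default:
			continue // peer accepts no signature scheme this key type can produce
		}
		if err != nil {
			return "", nil, err
		}
		der, err := x509.CreateCertificateRequest(rand.Reader, &x509.CertificateRequest{Subject: pkix.Name{CommonName: cn}}, key)
		return kt, der, err
	}
	return "", nil, fmt.Errorf("peer accepts none of %v", preference)
}

func main() {
	kt, der, err := csrFor(sharedSigAlgs, "liqo-example", "Ed25519", "ECDSA-P256", "RSA-2048")
	fmt.Println(kt, len(der), err)
}
```

With the list from the issue, Ed25519 is skipped and the CSR is signed with an ECDSA P-256 key.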