sigs.k8s.io/cluster-api@v1.7.1/docs/proposals/images/kubelet-authentication/client-authenticator-flow.plantuml

sigs.k8s.io/cluster-api@v1.7.1/docs/proposals/images/kubelet-authentication/client-authenticator-flow.plantuml (about)

     1  @startuml client-authenticator-flow
     2  
     3  (*) --> if "client certificate" then
     4    -->[file exists] if "certificate expires" then
     5     -->[less than 20 percent of time left] "Create CSR on API Server"
     6  else
     7   --> [more than 20 percent of time left] Return kubeconfig
     8   --> (*)
     9  endif
    10    else
    11    -->[file does not exist and bootstrap token provided] "Create CSR on API Server"
    12        --> "Get CSR"
    13        --> if "CSR" then
    14          --> ["is marked as invalid"] if "check CSR controller version" then
    15            --> [controller version supported] "Create CSR on API Server"
    16            else
    17            --> [controller version not supported] (*)
    18            endif
    19          else
    20          --> ["signed"] "Persist certificate"
    21          endif
    22        endif
    23  @enduml