certificates.k8s.io/v1beta1 CertificateSigningRequest is deprecated in v1.19+, unavailable in v1.22+; use certificates.k8s.io/v1 CertificateSigningRequest

[ruiyang2015]

Getting this error since we upgrade our GKE to use k8s 1.21.
It will be great if you can bump the v1beta1 to the new k8s api entrypoint.

[johngmyers]

We aren't running a Kubernetes version that has v1 yet, so this may take a while.

[thejosephstevens]

@johngmyers any chance you're on a newer k8s version yet?

[johngmyers]

We are. We plan on doing this work in Q2.

[johngmyers]

It looks like the v1 CertificateSigningRequest API has removed the ability to support this use case. So this project is prevented from supporting Kubernetes 1.22 or later.

A possible replacement appears to be to use cert-manager with a CA Issuer type, an admission controller restricting the Certificate domain, the cert-manager csi-driver, and some other mechanism to distribute trust in the issuer's CA.