krib/sign-kubelet-server-certs

certmanager acme challenge dns01 provider

When this param is set to true, then the kubelets will be configured to request their certs from the cluster CA, using CSRs. The CSR approver won't natively sign server certs, so a custom operator, https://github.com/kontena/kubelet-rubber-stamp, will be deployed to sign these.

Defaults to 'false'.