[bdarnell]

> When would you need to revoke an individual cert and why wouldn't that be better handled by just shutting down the VM or container instead?

You revoke a cert when it's somehow been compromised and something other than the VM/container that's supposed to has it gets a copy of it.

[manigandham]

I cant see how that cert would be lost where the node/container hasn't already been compromised. At that point there is a critical security issue where revoking a single certificate doesn't seem to cover much since the entire cluster should be reviewed and secured again with new keys.

Either way, I'd much prefer to make that decision as the admin rather than be forced into either extreme. Removing hostnames and having an easy way to roll certificates would go far towards operational simplicity and security.