Do not make ca cert or pem keys required #62

Closed
bks7 opened this issue May 24, 2019 · 2 comments · Fixed by #238
bks7 commented May 24, 2019

What is the reason for having ca cert or pem keys required? It doesn't make sense to me, since the CA cert is only used for establishing a connection to the Kubernetes API. So, for example, if you have the Kubernetes API behind an AWS load balancer with a certificate from AWS Certificate Manager, then you have to either set kubernetes_ca_cert to one of the AWS root CAs or set pem_keys. Setting a public root CA looks odd to me. Setting pem_keys is not always possible, as described in #3 and changed in #4. Maybe we can get rid of this behavior? I think it won't do any harm, because even if the Kubernetes API were secured with a self-signed certificate and a user forgot to set kubernetes_ca_cert, he would just see an error like "x509: certificate signed by unknown authority", which makes it clear to the user that he needs to set kubernetes_ca_cert to the appropriate CA cert.

@aleliaert

Could the plugin default to using CAs within the host trust store? My organization has K8s behind AWS LBs as well, seems odd to have to provide a public trusted CA cert.

@LittleChimera

Looks like it might be enough just to change this to x509.SystemCertPool()

certPool := x509.NewCertPool()

x509.SystemCertPool()
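The change discussed in this thread, sketched as an added example (not the plugin's own code and not part of any comment above). `buildCertPool` and `constructedCA` are hypothetical names, and the policy shown is an assumption: use the host trust store only when `kubernetes_ca_cert` is empty, and trust only the configured CA otherwise.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// buildCertPool (hypothetical helper): host trust store when no CA is
// configured, otherwise a pool holding only the configured CA.
func buildCertPool(caPEM string) (*x509.CertPool, error) {
	if caPEM == "" {
		return x509.SystemCertPool()
	}
	pool := x509.NewCertPool()
	if !pool.AppendCertsFromPEM([]byte(caPEM)) {
		return nil, fmt.Errorf("kubernetes_ca_cert contains no valid PEM certificate")
	}
	return pool, nil
}

// constructedCA returns a throwaway self-signed CA in PEM form (constructed sample input).
func constructedCA() (string, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return "", err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		NotAfter:              time.Now().Add(time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return "", err
	}
	return string(pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})), nil
}

func main() {
	ca, _ := constructedCA()
	_, err := buildCertPool(ca)
	fmt.Println("configured CA accepted:", err == nil)
}
```

Rejecting a non-empty value that parses to zero certificates keeps a malformed `kubernetes_ca_cert` from silently widening trust to every CA in the host store.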
