You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
What is the reason for having ca cert or pem keys required? It doesn't make sense for me since the ca cert is being used only for establishing a connection to a kubernetes api. So for example, if you have kubernetes api behind AWS load balancer with a certificate from AWS certificate manager then you have to set either kubernetes_ca_cert with one of the AWS root CA's or set pem_keys. Setting public root CA looks odd to me. Setting pem_keys not always possible as described in #3 and changed in #4. Maybe we can get rid of such behavior? I think it won't make any harm because even if the kubernetes api would be secured with a self-signed certificate and a user would forget to set kubernetes_ca_cert he would see just an error like this x509: certificate signed by unknown authority", what makes clear to user that he needs to set kubernetes_ca_cert with appropriate ca cert.
The text was updated successfully, but these errors were encountered:
Could the plugin default to using CAs within the host trust store? My organization has K8s behind AWS LBs as well, seems odd to have to provide a public trusted CA cert.
What is the reason for having ca cert or pem keys required? It doesn't make sense for me since the ca cert is being used only for establishing a connection to a kubernetes api. So for example, if you have kubernetes api behind AWS load balancer with a certificate from AWS certificate manager then you have to set either
kubernetes_ca_cert
with one of the AWS root CA's or setpem_keys
. Setting public root CA looks odd to me. Settingpem_keys
not always possible as described in #3 and changed in #4. Maybe we can get rid of such behavior? I think it won't make any harm because even if the kubernetes api would be secured with a self-signed certificate and a user would forget to setkubernetes_ca_cert
he would see just an error like thisx509: certificate signed by unknown authority"
, what makes clear to user that he needs to setkubernetes_ca_cert
with appropriate ca cert.The text was updated successfully, but these errors were encountered: