-
Notifications
You must be signed in to change notification settings - Fork 6
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Storage does not validate client certificate #117
Comments
@slashben do we want to fix that? |
we must, but it should be fairly simple |
it should be set up in |
nice, do we want to add a config entry for that certificate? or should we read it from somewhere in the downward API? |
Wait, we have two problems here. One is we need to have the client certificate of the API server (it can be take with The second is that we do not generate server certificate 😞 apiVersion: apiregistration.k8s.io/v1
kind: APIService
metadata:
spec: │
insecureSkipTLSVerify: true |
@matthyx see my PRs (they were tested locally) |
The current implementation does not validate peer TLS certificates and any client can connect it and pull data. It should only be the Kubernetes API server that is allowed to do queries.
The text was updated successfully, but these errors were encountered: